From 27fb4718481a163cd7b555728937dc02c85be5d4 Mon Sep 17 00:00:00 2001 From: sebhoss Date: Fri, 21 Jun 2024 10:06:03 +0000 Subject: [PATCH] Update upstream specifications to their latest version --- .../v1beta1/pgadmins.yaml | 187 +- .../v1beta1/pgupgrades.yaml | 110 +- .../v1beta1/postgresclusters.yaml | 1707 +- .../datadoghq.com/v1alpha1/datadogagents.yaml | 1171 +- .../v1alpha1/datadogmonitors.yaml | 15 + .../datadoghq.com/v2alpha1/datadogagents.yaml | 1766 ++- .../v1/integrationplatforms.yaml | 24 + .../v1/integrationprofiles.yaml | 24 + .../camel.apache.org/v1/integrations.yaml | 12 + .../camel-k/camel.apache.org/v1/pipes.yaml | 12 + .../v1alpha1/kameletbindings.yaml | 12 + .../apps.kubeblocks.io/v1alpha1/clusters.yaml | 8906 +++++++---- .../v1alpha1/componentdefinitions.yaml | 5 +- .../v1alpha1/components.yaml | 1063 ++ .../cert-manager.io/v1/clusterissuers.yaml | 13 + .../cert-manager.io/v1/issuers.yaml | 13 + .../v2alpha1/ciliumloadbalancerippools.yaml | 14 - .../postgresql.cnpg.io/v1/clusters.yaml | 12 + .../v1beta2/cryostats.yaml | 2 +- .../v1alpha1/clustersecretstores.yaml | 2 + .../v1alpha1/externalsecrets.yaml | 2 + .../v1alpha1/secretstores.yaml | 2 + .../v1beta1/clusterexternalsecrets.yaml | 2 + .../v1beta1/clustersecretstores.yaml | 7 + .../v1beta1/externalsecrets.yaml | 2 + .../v1beta1/secretstores.yaml | 7 + .../canaries.flanksource.com/v1/canaries.yaml | 137 + .../v1alpha2/clusterinputs.yaml | 56 + .../v1alpha2/miniclusters.yaml | 12 + .../v1beta1/grafanadashboards.yaml | 50 + .../v1beta1/grafanadatasources.yaml | 28 + .../v1beta1/grafanafolders.yaml | 18 + .../v1beta1/grafanas.yaml | 1252 ++ .../k8gb/k8gb.absa.oss/v1beta1/gslbs.yaml | 68 +- .../v1alpha1/clusterflows.yaml | 8 + .../v1alpha1/flows.yaml | 4 + .../v1beta1/clusterflows.yaml | 8 + .../logging.banzaicloud.io/v1beta1/flows.yaml | 4 + .../v1beta1/admissionchecks.yaml | 6 +- .../executor.testkube.io/v1/webhooks.yaml | 3 + .../v1beta1/migrations.yaml | 6 + .../forklift.konveyor.io/v1beta1/plans.yaml | 9 + .../v1alpha2/configurations.yaml | 499 +- .../chainsaw.kyverno.io/v1alpha2/tests.yaml | 635 +- .../kyverno.io/v1/clusterpolicies.yaml | 32 +- .../kyverno/kyverno.io/v1/policies.yaml | 32 +- .../kyverno.io/v1beta1/updaterequests.yaml | 3 +- .../kyverno/kyverno.io/v2/updaterequests.yaml | 2 +- .../kyverno.io/v2beta1/clusterpolicies.yaml | 29 +- .../kyverno/kyverno.io/v2beta1/policies.yaml | 29 +- .../selfnoderemediationtemplates.yaml | 2 + .../v1beta1/flowcollectors.yaml | 12 + .../v1beta2/flowcollectors.yaml | 162 +- .../k8s.nginx.org/v1/policies.yaml | 18 + .../hive.openshift.io/v1/hiveconfigs.yaml | 3 + .../ptp.openshift.io/v1/ptpconfigs.yaml | 4 + .../v1/ptpoperatorconfigs.yaml | 3 + .../v2/perconapgclusters.yaml | 2 + .../v1alpha1/perconaservermysqls.yaml | 15 +- .../v1/felixconfigurations.yaml | 6 + .../v1/prometheuses.yaml | 95 +- .../v1alpha1/alertmanagerconfigs.yaml | 4 + .../v1alpha1/prometheusagents.yaml | 63 +- .../v1beta1/alertmanagerconfigs.yaml | 4 + .../rook/ceph.rook.io/v1/cephblockpools.yaml | 3 + .../rook/ceph.rook.io/v1/cephclusters.yaml | 2 +- .../rook/ceph.rook.io/v1/cephfilesystems.yaml | 6 + .../ceph.rook.io/v1/cephobjectstores.yaml | 6 + .../rook/ceph.rook.io/v1/cephobjectzones.yaml | 6 + .../v1/authconfigs.yaml | 39 + .../gloo/gateway.solo.io/v1/routeoptions.yaml | 3 + .../gloo/gateway.solo.io/v1/routetables.yaml | 3 + .../gateway.solo.io/v1/virtualservices.yaml | 3 + .../v1alpha1/patterns.yaml | 10 +- .../apps_kubeblocks_io/v1alpha1/clusters.rs | 12868 ++++++++++------ .../v1alpha1/componentdefinitions.rs | 12 +- .../apps_kubeblocks_io/v1alpha1/components.rs | 1617 ++ .../src/ceph_rook_io/v1/cephblockpools.rs | 3 + .../src/ceph_rook_io/v1/cephfilesystems.rs | 6 + .../src/ceph_rook_io/v1/cephobjectstores.rs | 6 + .../src/ceph_rook_io/v1/cephobjectzones.rs | 6 + .../src/cert_manager_io/v1/clusterissuers.rs | 27 + .../src/cert_manager_io/v1/issuers.rs | 27 + .../v1alpha2/configurations.rs | 428 +- .../src/chainsaw_kyverno_io/v1alpha2/tests.rs | 564 +- .../v2alpha1/ciliumloadbalancerippools.rs | 14 - .../datadoghq_com/v1alpha1/datadogagents.rs | 1468 +- .../datadoghq_com/v1alpha1/datadogmonitors.rs | 12 + .../datadoghq_com/v2alpha1/datadogagents.rs | 2109 ++- .../src/executor_testkube_io/v1/webhooks.rs | 3 + .../v1beta1/clustersecretstores.rs | 3 + .../v1beta1/secretstores.rs | 3 + .../v1beta2/flowcollectors.rs | 144 +- .../v1alpha2/clusterinputs.rs | 56 + .../v1alpha2/miniclusters.rs | 10 + .../v1beta1/migrations.rs | 6 + .../src/forklift_konveyor_io/v1beta1/plans.rs | 9 + .../v1alpha1/patterns.rs | 12 +- .../v1beta1/grafanadashboards.rs | 93 + .../v1beta1/grafanadatasources.rs | 47 + .../v1beta1/grafanafolders.rs | 24 + .../src/hive_openshift_io/v1/hiveconfigs.rs | 3 + .../src/k8gb_absa_oss/v1beta1/gslbs.rs | 183 +- .../src/k8s_nginx_org/v1/policies.rs | 22 + .../kueue_x_k8s_io/v1beta1/admissionchecks.rs | 17 +- .../src/kyverno_io/v1/clusterpolicies.rs | 47 +- .../src/kyverno_io/v1/policies.rs | 47 +- .../src/kyverno_io/v2beta1/clusterpolicies.rs | 42 +- .../src/kyverno_io/v2beta1/policies.rs | 42 +- .../v1alpha1/clusterflows.rs | 4 + .../logging_banzaicloud_io/v1alpha1/flows.rs | 2 + .../v1beta1/clusterflows.rs | 4 + .../logging_banzaicloud_io/v1beta1/flows.rs | 2 + .../monitoring_coreos_com/v1/prometheuses.rs | 175 +- .../v1alpha1/alertmanagerconfigs.rs | 3 + .../v1alpha1/prometheusagents.rs | 129 +- .../v1beta1/alertmanagerconfigs.rs | 3 + .../operator_cryostat_io/v1beta2/cryostats.rs | 2 +- .../pgv2_percona_com/v2/perconapgclusters.rs | 3 +- .../v1beta1/pgadmins.rs | 125 +- .../v1beta1/pgupgrades.rs | 54 +- .../v1beta1/postgresclusters.rs | 1200 +- .../v1alpha1/perconaservermysqls.rs | 18 +- 123 files changed, 28657 insertions(+), 11543 deletions(-) diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml index 1ea3f146d..fa9901d60 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml @@ -62,11 +62,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -83,11 +85,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -98,6 +102,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -122,11 +127,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -143,13 +150,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -166,7 +176,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -184,17 +194,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -214,11 +238,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -230,6 +256,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -245,13 +272,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -269,17 +297,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -299,11 +341,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -315,6 +359,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -322,6 +367,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -335,7 +381,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -353,17 +399,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -383,11 +443,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -399,6 +461,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -414,13 +477,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -438,17 +502,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -468,11 +546,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -484,6 +564,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -491,6 +572,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" config: @@ -503,6 +585,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -516,6 +599,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -539,7 +672,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -555,7 +690,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -596,6 +731,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -620,7 +756,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -656,6 +794,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -677,8 +816,9 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -694,7 +834,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -705,6 +845,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -728,7 +871,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -750,11 +893,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -764,6 +909,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -787,6 +935,7 @@ spec: description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" @@ -809,6 +958,21 @@ spec: resources: description: "Resource requirements for the PGAdmin container." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -825,7 +989,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" serverGroups: @@ -857,11 +1021,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -912,6 +1078,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -946,7 +1113,7 @@ spec: conditions: description: "conditions represent the observations of pgAdmin's current state. Known .status.conditions.type is: \"PersistentVolumeResizing\"" items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml index e8a478d83..3968ad759 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml @@ -62,11 +62,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -83,11 +85,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -98,6 +102,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -122,11 +127,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -143,13 +150,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -166,7 +176,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -184,17 +194,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -214,11 +238,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -230,6 +256,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -245,13 +272,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -269,17 +297,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -299,11 +341,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -315,6 +359,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -322,6 +367,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -335,7 +381,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -353,17 +399,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -383,11 +443,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -399,6 +461,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -414,13 +477,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -438,17 +502,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -468,11 +546,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -484,6 +564,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -491,6 +572,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" fromPostgresVersion: @@ -514,6 +596,7 @@ spec: description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" @@ -540,6 +623,21 @@ spec: resources: description: "Resource requirements for the PGUpgrade container." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -556,7 +654,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" toPostgresImage: @@ -601,7 +699,7 @@ spec: conditions: description: "conditions represent the observations of PGUpgrade's current state." items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml index a353be3f0..941040db8 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml @@ -43,6 +43,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -66,7 +116,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -82,7 +134,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -123,6 +175,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -147,7 +200,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -213,11 +268,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -234,11 +291,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -249,6 +308,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -273,11 +333,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -294,13 +356,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -317,7 +382,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -335,17 +400,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -365,11 +444,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -381,6 +462,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -396,13 +478,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -420,17 +503,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -450,11 +547,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +565,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -473,6 +573,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -486,7 +587,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -504,17 +605,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -534,11 +649,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -550,6 +667,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -565,13 +683,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -589,17 +708,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -619,11 +752,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -635,6 +770,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -642,6 +778,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" priorityClassName: @@ -650,6 +787,21 @@ spec: resources: description: "Resource limits for backup jobs. Includes manual, scheduled and replica create backups" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -666,7 +818,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" tolerations: @@ -758,11 +910,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -779,11 +933,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -794,6 +950,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -818,11 +975,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -839,13 +998,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -862,7 +1024,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -880,17 +1042,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -910,11 +1086,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -926,6 +1104,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -941,13 +1120,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -965,17 +1145,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -995,11 +1189,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1011,6 +1207,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1018,6 +1215,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1031,7 +1229,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1049,17 +1247,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1079,11 +1291,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1095,6 +1309,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1110,13 +1325,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1134,17 +1350,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1164,11 +1394,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1180,6 +1412,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1187,6 +1420,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" priorityClassName: @@ -1195,6 +1429,21 @@ spec: resources: description: "Resource requirements for a pgBackRest repository host" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1211,7 +1460,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" sshConfigMap: @@ -1237,7 +1486,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -1267,7 +1518,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -1321,27 +1574,41 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" maxSkew: description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew." format: "int32" type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." @@ -1425,8 +1692,9 @@ spec: type: "string" minItems: 1 type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -1442,7 +1710,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -1453,6 +1721,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -1476,7 +1747,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" required: - "storage" type: "object" @@ -1502,11 +1773,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1516,6 +1789,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -1570,11 +1846,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1591,11 +1869,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -1606,6 +1886,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -1630,11 +1911,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1651,13 +1934,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1674,7 +1960,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1692,17 +1978,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1722,11 +2022,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1738,6 +2040,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1753,13 +2056,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1777,17 +2081,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1807,11 +2125,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1823,6 +2143,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1830,6 +2151,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1843,7 +2165,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1861,17 +2183,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1891,11 +2227,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1907,6 +2245,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1922,13 +2261,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1946,17 +2286,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -1976,11 +2330,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1992,6 +2348,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -1999,6 +2356,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" clusterName: @@ -2026,6 +2384,21 @@ spec: resources: description: "Resource requirements for the pgBackRest restore Job." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2042,7 +2415,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" tolerations: @@ -2081,6 +2454,21 @@ spec: resources: description: "Resource requirements for a sidecar container" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2097,7 +2485,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -2107,6 +2495,21 @@ spec: resources: description: "Resource requirements for a sidecar container" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2123,7 +2526,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -2140,6 +2543,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -2163,7 +2616,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -2179,7 +2634,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2220,6 +2675,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -2244,7 +2700,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -2293,7 +2751,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -2323,7 +2783,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -2366,11 +2828,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -2387,11 +2851,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -2402,6 +2868,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -2426,11 +2893,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -2447,13 +2916,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -2470,7 +2942,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2488,17 +2960,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -2518,11 +3004,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2534,6 +3022,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -2549,13 +3038,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2573,17 +3063,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -2603,11 +3107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2619,6 +3125,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -2626,6 +3133,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -2639,7 +3147,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2657,17 +3165,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -2687,11 +3209,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2703,6 +3227,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -2718,13 +3243,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2742,17 +3268,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -2772,11 +3312,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2788,6 +3330,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -2795,6 +3338,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" configuration: @@ -2802,6 +3346,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -2825,7 +3419,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -2841,7 +3437,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2882,6 +3478,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -2906,7 +3503,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -3013,8 +3612,9 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3030,7 +3630,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3041,6 +3641,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -3064,7 +3667,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -3086,11 +3689,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3100,6 +3705,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -3116,6 +3724,21 @@ spec: resources: description: "Resource requirements for the pgBackRest restore Job." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3132,7 +3755,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" stanza: @@ -3199,11 +3822,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -3220,11 +3845,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -3235,6 +3862,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -3259,11 +3887,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -3280,13 +3910,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -3303,7 +3936,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3321,17 +3954,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -3351,11 +3998,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3367,6 +4016,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -3382,13 +4032,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3406,17 +4057,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -3436,11 +4101,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3452,6 +4119,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -3459,6 +4127,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -3472,7 +4141,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3490,17 +4159,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -3520,11 +4203,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3536,6 +4221,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -3551,13 +4237,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3575,17 +4262,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -3605,11 +4306,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3621,6 +4324,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -3628,6 +4332,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" clusterName: @@ -3651,6 +4356,21 @@ spec: resources: description: "Resource requirements for the pgBackRest restore Job." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3667,7 +4387,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" tolerations: @@ -3769,6 +4489,7 @@ spec: description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" @@ -3807,11 +4528,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -3828,11 +4551,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -3843,6 +4568,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -3867,11 +4593,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -3888,13 +4616,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -3911,7 +4642,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3929,17 +4660,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -3959,11 +4704,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3975,6 +4722,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -3990,13 +4738,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4014,17 +4763,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -4044,11 +4807,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -4060,6 +4825,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -4067,6 +4833,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -4080,7 +4847,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4098,17 +4865,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -4128,11 +4909,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -4144,6 +4927,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -4159,13 +4943,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4183,17 +4968,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -4213,11 +5012,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -4229,6 +5030,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -4236,6 +5038,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -4248,11 +5051,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container. Cannot be updated." items: @@ -4274,6 +5079,7 @@ spec: description: "The key to select." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -4320,6 +5126,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -4333,6 +5140,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." items: @@ -4342,6 +5152,7 @@ spec: description: "The ConfigMap to select from" properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -4355,6 +5166,7 @@ spec: description: "The Secret to select from" properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -4363,6 +5175,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." type: "string" @@ -4383,6 +5196,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -4396,7 +5210,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -4406,6 +5220,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -4421,6 +5236,16 @@ spec: required: - "port" type: "object" + sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." + properties: + seconds: + description: "Seconds is the number of seconds to sleep." + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." properties: @@ -4448,6 +5273,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -4461,7 +5287,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -4471,6 +5297,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -4486,6 +5313,16 @@ spec: required: - "port" type: "object" + sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." + properties: + seconds: + description: "Seconds is the number of seconds to sleep." + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." properties: @@ -4514,13 +5351,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -4544,7 +5382,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -4554,6 +5392,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -4609,7 +5448,7 @@ spec: description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: @@ -4650,13 +5489,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -4680,7 +5520,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -4690,6 +5530,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -4741,9 +5582,41 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -4760,15 +5633,30 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." properties: @@ -4778,12 +5666,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." @@ -4825,7 +5715,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." @@ -4843,7 +5733,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." @@ -4861,13 +5751,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -4891,7 +5782,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -4901,6 +5792,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -4983,6 +5875,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Cannot be updated." items: @@ -4992,7 +5887,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must not contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -5000,6 +5895,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled recursively. \n If ReadOnly is false, this field has no meaning and must be unspecified. \n If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. \n If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). \n If this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." type: "string" @@ -5011,6 +5909,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." type: "string" @@ -5027,8 +5928,9 @@ spec: type: "string" minItems: 1 type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5044,7 +5946,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5055,6 +5957,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -5078,7 +5983,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" required: - "storage" type: "object" @@ -5104,11 +6009,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -5118,6 +6025,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -5163,6 +6073,21 @@ spec: resources: description: "Compute resources of a PostgreSQL container." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -5179,7 +6104,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" sidecars: @@ -5191,6 +6116,21 @@ spec: resources: description: "Resource requirements for a sidecar container" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -5207,7 +6147,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -5224,8 +6164,9 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5241,7 +6182,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5252,6 +6193,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -5275,7 +6219,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -5297,11 +6241,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -5311,6 +6257,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -5378,27 +6327,41 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" maxSkew: description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew." format: "int32" type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." @@ -5418,8 +6381,9 @@ spec: type: "string" minItems: 1 type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5435,7 +6399,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -5446,6 +6410,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -5469,7 +6436,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" required: - "storage" type: "object" @@ -5495,11 +6462,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -5509,6 +6478,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -5552,6 +6524,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -5575,7 +6597,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -5591,7 +6615,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -5632,6 +6656,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -5656,7 +6681,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -5704,7 +6731,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -5717,6 +6746,21 @@ spec: resources: description: "Changing this value causes PostgreSQL and the exporter to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -5733,7 +6777,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -5839,11 +6883,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -5860,11 +6906,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -5875,6 +6923,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -5899,11 +6948,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -5920,13 +6971,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -5943,7 +6997,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5961,17 +7015,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -5991,11 +7059,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -6007,6 +7077,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -6022,13 +7093,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -6046,17 +7118,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -6076,11 +7162,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -6092,6 +7180,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -6099,6 +7188,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -6112,7 +7202,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -6130,17 +7220,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -6160,11 +7264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -6176,6 +7282,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -6191,13 +7298,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -6215,17 +7323,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -6245,11 +7367,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -6261,6 +7385,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -6268,6 +7393,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" config: @@ -6283,6 +7409,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -6306,7 +7482,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6322,7 +7500,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -6363,6 +7541,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -6387,7 +7566,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6433,11 +7614,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container. Cannot be updated." items: @@ -6459,6 +7642,7 @@ spec: description: "The key to select." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6505,6 +7689,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6518,6 +7703,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." items: @@ -6527,6 +7715,7 @@ spec: description: "The ConfigMap to select from" properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6540,6 +7729,7 @@ spec: description: "The Secret to select from" properties: name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -6548,6 +7738,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." type: "string" @@ -6568,6 +7759,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -6581,7 +7773,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -6591,6 +7783,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -6606,6 +7799,16 @@ spec: required: - "port" type: "object" + sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." + properties: + seconds: + description: "Seconds is the number of seconds to sleep." + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." properties: @@ -6633,6 +7836,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -6646,7 +7850,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -6656,6 +7860,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -6671,6 +7876,16 @@ spec: required: - "port" type: "object" + sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." + properties: + seconds: + description: "Seconds is the number of seconds to sleep." + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." properties: @@ -6699,13 +7914,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -6729,7 +7945,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -6739,6 +7955,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -6794,7 +8011,7 @@ spec: description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: @@ -6835,13 +8052,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -6865,7 +8083,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -6875,6 +8093,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -6926,9 +8145,41 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + description: "Resources resize policy for the container." + items: + description: "ContainerResizePolicy represents resource resize policy for the container." + properties: + resourceName: + description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + type: "string" + restartPolicy: + description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -6945,15 +8196,30 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + type: "string" securityContext: description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." properties: @@ -6963,12 +8229,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." @@ -7010,7 +8278,7 @@ spec: description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"." + description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: description: "type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." @@ -7028,7 +8296,7 @@ spec: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." @@ -7046,13 +8314,14 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -7076,7 +8345,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -7086,6 +8355,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -7168,6 +8438,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Cannot be updated." items: @@ -7177,7 +8450,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must not contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -7185,6 +8458,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled recursively. \n If ReadOnly is false, this field has no meaning and must be unspecified. \n If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. \n If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). \n If this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." type: "string" @@ -7196,6 +8472,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." type: "string" @@ -7226,7 +8505,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -7272,6 +8553,21 @@ spec: resources: description: "Compute resources of a PgBouncer container. Changing this value causes PgBouncer to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -7288,7 +8584,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" service: @@ -7340,6 +8636,21 @@ spec: resources: description: "Resource requirements for a sidecar container" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -7356,7 +8667,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" @@ -7408,27 +8719,41 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" maxSkew: description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew." format: "int32" type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." @@ -7590,11 +8915,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -7611,11 +8938,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" weight: description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." @@ -7626,6 +8955,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." properties: @@ -7650,11 +8980,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -7671,13 +9003,16 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -7694,7 +9029,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -7712,17 +9047,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -7742,11 +9091,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7758,6 +9109,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -7773,13 +9125,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -7797,17 +9150,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -7827,11 +9194,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7843,6 +9212,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -7850,6 +9220,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -7863,7 +9234,7 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -7881,17 +9252,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -7911,11 +9296,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7927,6 +9314,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -7942,13 +9330,14 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." items: description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods." + description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -7966,17 +9355,31 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: @@ -7996,11 +9399,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -8012,6 +9417,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." type: "string" @@ -8019,6 +9425,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" config: @@ -8029,6 +9436,56 @@ spec: items: description: "Projection that may be projected along with other supported volume types" properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + properties: + labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + type: "string" + optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + type: "boolean" + path: + description: "Relative path from the volume root to write the bundle." + type: "string" + signerName: + description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + type: "string" + required: + - "path" + type: "object" configMap: description: "configMap information about the configMap data to project" properties: @@ -8052,7 +9509,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -8068,7 +9527,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -8109,6 +9568,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -8133,7 +9593,9 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -8165,6 +9627,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: + default: "" description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: @@ -8186,8 +9649,9 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -8203,7 +9667,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -8214,6 +9678,9 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" @@ -8237,7 +9704,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -8259,11 +9726,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -8273,6 +9742,9 @@ spec: storageClassName: description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" + volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" @@ -8308,6 +9780,21 @@ spec: resources: description: "Compute resources of a pgAdmin container. Changing this value causes pgAdmin to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -8324,7 +9811,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" service: @@ -8414,27 +9901,41 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" maxSkew: description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate." + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew." format: "int32" type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." type: "string" whenUnsatisfiable: description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." diff --git a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogagents.yaml b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogagents.yaml index 6083bdf94..e06574dc9 100644 --- a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogagents.yaml +++ b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogagents.yaml @@ -2,20 +2,9 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - cert-manager.io/inject-ca-from: "$(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)" controller-gen.kubebuilder.io/version: "v0.6.1" name: "datadogagents.datadoghq.com" spec: - conversion: - strategy: "Webhook" - webhook: - clientConfig: - service: - name: "datadog-operator-webhook-service" - namespace: "system" - path: "/convert" - conversionReviewVersions: - - "v1" group: "datadoghq.com" names: kind: "DatadogAgent" @@ -235,7 +224,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -265,7 +254,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -320,7 +309,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -350,7 +339,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -404,7 +393,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -434,7 +423,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -489,7 +478,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -519,7 +508,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -654,7 +643,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -825,14 +814,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -864,14 +853,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -1118,7 +1107,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1243,7 +1232,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1506,138 +1495,138 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: - description: "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." properties: cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: - description: "The Name of the data disk in the blob storage" + description: "diskName is the Name of the data disk in the blob storage" type: "string" diskURI: - description: "The URI the data disk in the blob storage" + description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: - description: "AzureFile represents an Azure File Service mount on the host and bind mount to the pod." + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: - description: "the name of secret that contains Azure Storage Account Name and Key" + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" type: "string" shareName: - description: "Share Name" + description: "shareName is the azure share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: - description: "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: - description: "ConfigMap represents a configMap that should populate this volume" + description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -1648,38 +1637,38 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" csi: - description: "CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" readOnly: - description: "Specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: - description: "DownwardAPI represents downward API about the pod that should populate this volume" + description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." @@ -1734,21 +1723,21 @@ spec: type: "array" type: "object" emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -1760,12 +1749,12 @@ spec: description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." properties: accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -1781,7 +1770,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -1797,7 +1786,7 @@ spec: - "name" type: "object" resources: - description: "Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -1819,7 +1808,7 @@ spec: type: "object" type: "object" selector: - description: "A label query over volumes to consider for binding." + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1849,13 +1838,13 @@ spec: type: "object" type: "object" storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" volumeName: - description: "VolumeName is the binding reference to the PersistentVolume backing this claim." + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" required: @@ -1863,48 +1852,48 @@ spec: type: "object" type: "object" fc: - description: "FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: - description: "Optional: FC target lun number" + description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." properties: driver: - description: "Driver is the name of the driver to use for this volume." + description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: type: "string" - description: "Optional: Extra command options if any." + description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" @@ -1914,119 +1903,119 @@ spec: - "driver" type: "object" flocker: - description: "Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" type: "string" datasetUUID: - description: "UUID of the dataset. This is unique identifier of a Flocker dataset" + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." properties: directory: - description: "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." type: "string" repository: - description: "Repository URL" + description: "repository is the URL" type: "string" revision: - description: "Commit hash for the specified revision." + description: "revision is the commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." properties: path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: - description: "whether support iSCSI Discovery CHAP authentication" + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: - description: "whether support iSCSI Session CHAP authentication" + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." type: "string" iqn: - description: "Target iSCSI Qualified Name." + description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." type: "string" lun: - description: "iSCSI Target Lun number." + description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." type: "boolean" secretRef: - description: "CHAP Secret for iSCSI target and initiator authentication" + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" targetPortal: - description: "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -2034,92 +2023,92 @@ spec: - "targetPortal" type: "object" name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: - description: "PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: - description: "ID that identifies Photon Controller persistent disk" + description: "pdID is the ID that identifies Photon Controller persistent disk" type: "string" required: - "pdID" type: "object" portworxVolume: - description: "PortworxVolume represents a portworx volume attached and mounted on kubelets host machine" + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: - description: "VolumeID uniquely identifies a Portworx volume" + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: - description: "Items for all in one resources secrets, configmaps, and downward API" + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: - description: "list of volume projections" + description: "sources is the list of volume projections" items: description: "Projection that may be projected along with other supported volume types" properties: configMap: - description: "information about the configMap data to project" + description: "configMap information about the configMap data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2130,11 +2119,11 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" downwardAPI: - description: "information about the downwardAPI data to project" + description: "downwardAPI information about the downwardAPI data to project" properties: items: description: "Items is a list of DownwardAPIVolume file" @@ -2185,22 +2174,22 @@ spec: type: "array" type: "object" secret: - description: "information about the secret data to project" + description: "secret information about the secret data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2211,21 +2200,21 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the Secret or its key must be defined" + description: "optional field specify whether the Secret or its key must be defined" type: "boolean" type: "object" serviceAccountToken: - description: "information about the serviceAccountToken data to project" + description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." type: "string" expirationSeconds: - description: "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: - description: "Path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the token into." type: "string" required: - "path" @@ -2234,103 +2223,103 @@ spec: type: "array" type: "object" quobyte: - description: "Quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "Group to map volume access to Default is no group" + description: "group to map volume access to Default is no group" type: "string" readOnly: - description: "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." type: "boolean" registry: - description: "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" type: "string" tenant: - description: "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "User to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to Defaults to serivceaccount user" type: "string" volume: - description: "Volume is a string that references an already created Quobyte volume by name." + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: - description: "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: - description: "The host address of the ScaleIO API Gateway." + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" protectionDomain: - description: "The name of the ScaleIO Protection Domain for the configured storage." + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" sslEnabled: - description: "Flag to enable/disable SSL communication with Gateway, default false" + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." type: "string" storagePool: - description: "The ScaleIO Storage Pool associated with the protection domain." + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." type: "string" system: - description: "The name of the storage system as configured in ScaleIO." + description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "The name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" @@ -2338,26 +2327,26 @@ spec: - "system" type: "object" secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2365,49 +2354,49 @@ spec: type: "object" type: "array" optional: - description: "Specify whether the Secret or its keys must be defined" + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: - description: "StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeName: - description: "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." type: "string" volumeNamespace: - description: "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: - description: "VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: - description: "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" storagePolicyName: - description: "Storage Policy Based Management (SPBM) profile name." + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." type: "string" volumePath: - description: "Path that identifies vSphere volume vmdk" + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" @@ -3038,14 +3027,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -3183,14 +3172,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -3714,7 +3703,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3744,7 +3733,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -3799,7 +3788,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3829,7 +3818,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -3883,7 +3872,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3913,7 +3902,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -3968,7 +3957,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3998,7 +3987,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -4020,16 +4009,6 @@ spec: agentCommunicationMode: description: "agentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be \"hostip\", \"service\", or \"socket\"." type: "string" - cwsInstrumentation: - description: "CWSInstrumentation holds the CWS Instrumentation endpoint configuration" - properties: - enabled: - description: "Enable the CWS Instrumentation admission controller endpoint" - type: "boolean" - mode: - description: "Mode defines how the CWS Instrumentation endpoint should behave. It can be \"init_container\" or \"remote_copy\"." - type: "string" - type: "object" enabled: description: "Enable the admission controller to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods." type: "boolean" @@ -4070,14 +4049,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -4386,138 +4365,138 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: - description: "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." properties: cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: - description: "The Name of the data disk in the blob storage" + description: "diskName is the Name of the data disk in the blob storage" type: "string" diskURI: - description: "The URI the data disk in the blob storage" + description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: - description: "AzureFile represents an Azure File Service mount on the host and bind mount to the pod." + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: - description: "the name of secret that contains Azure Storage Account Name and Key" + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" type: "string" shareName: - description: "Share Name" + description: "shareName is the azure share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: - description: "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: - description: "ConfigMap represents a configMap that should populate this volume" + description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -4528,38 +4507,38 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" csi: - description: "CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" readOnly: - description: "Specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: - description: "DownwardAPI represents downward API about the pod that should populate this volume" + description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." @@ -4614,21 +4593,21 @@ spec: type: "array" type: "object" emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -4640,12 +4619,12 @@ spec: description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." properties: accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -4661,7 +4640,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -4677,7 +4656,7 @@ spec: - "name" type: "object" resources: - description: "Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -4699,7 +4678,7 @@ spec: type: "object" type: "object" selector: - description: "A label query over volumes to consider for binding." + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -4729,13 +4708,13 @@ spec: type: "object" type: "object" storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" volumeName: - description: "VolumeName is the binding reference to the PersistentVolume backing this claim." + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" required: @@ -4743,48 +4722,48 @@ spec: type: "object" type: "object" fc: - description: "FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: - description: "Optional: FC target lun number" + description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." properties: driver: - description: "Driver is the name of the driver to use for this volume." + description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: type: "string" - description: "Optional: Extra command options if any." + description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" @@ -4794,119 +4773,119 @@ spec: - "driver" type: "object" flocker: - description: "Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" type: "string" datasetUUID: - description: "UUID of the dataset. This is unique identifier of a Flocker dataset" + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." properties: directory: - description: "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." type: "string" repository: - description: "Repository URL" + description: "repository is the URL" type: "string" revision: - description: "Commit hash for the specified revision." + description: "revision is the commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." properties: path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: - description: "whether support iSCSI Discovery CHAP authentication" + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: - description: "whether support iSCSI Session CHAP authentication" + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." type: "string" iqn: - description: "Target iSCSI Qualified Name." + description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." type: "string" lun: - description: "iSCSI Target Lun number." + description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." type: "boolean" secretRef: - description: "CHAP Secret for iSCSI target and initiator authentication" + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" targetPortal: - description: "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -4914,92 +4893,92 @@ spec: - "targetPortal" type: "object" name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: - description: "PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: - description: "ID that identifies Photon Controller persistent disk" + description: "pdID is the ID that identifies Photon Controller persistent disk" type: "string" required: - "pdID" type: "object" portworxVolume: - description: "PortworxVolume represents a portworx volume attached and mounted on kubelets host machine" + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: - description: "VolumeID uniquely identifies a Portworx volume" + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: - description: "Items for all in one resources secrets, configmaps, and downward API" + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: - description: "list of volume projections" + description: "sources is the list of volume projections" items: description: "Projection that may be projected along with other supported volume types" properties: configMap: - description: "information about the configMap data to project" + description: "configMap information about the configMap data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -5010,11 +4989,11 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" downwardAPI: - description: "information about the downwardAPI data to project" + description: "downwardAPI information about the downwardAPI data to project" properties: items: description: "Items is a list of DownwardAPIVolume file" @@ -5065,22 +5044,22 @@ spec: type: "array" type: "object" secret: - description: "information about the secret data to project" + description: "secret information about the secret data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -5091,21 +5070,21 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the Secret or its key must be defined" + description: "optional field specify whether the Secret or its key must be defined" type: "boolean" type: "object" serviceAccountToken: - description: "information about the serviceAccountToken data to project" + description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." type: "string" expirationSeconds: - description: "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: - description: "Path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the token into." type: "string" required: - "path" @@ -5114,103 +5093,103 @@ spec: type: "array" type: "object" quobyte: - description: "Quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "Group to map volume access to Default is no group" + description: "group to map volume access to Default is no group" type: "string" readOnly: - description: "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." type: "boolean" registry: - description: "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" type: "string" tenant: - description: "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "User to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to Defaults to serivceaccount user" type: "string" volume: - description: "Volume is a string that references an already created Quobyte volume by name." + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: - description: "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: - description: "The host address of the ScaleIO API Gateway." + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" protectionDomain: - description: "The name of the ScaleIO Protection Domain for the configured storage." + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" sslEnabled: - description: "Flag to enable/disable SSL communication with Gateway, default false" + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." type: "string" storagePool: - description: "The ScaleIO Storage Pool associated with the protection domain." + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." type: "string" system: - description: "The name of the storage system as configured in ScaleIO." + description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "The name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" @@ -5218,26 +5197,26 @@ spec: - "system" type: "object" secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -5245,49 +5224,49 @@ spec: type: "object" type: "array" optional: - description: "Specify whether the Secret or its keys must be defined" + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: - description: "StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeName: - description: "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." type: "string" volumeNamespace: - description: "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: - description: "VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: - description: "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" storagePolicyName: - description: "Storage Policy Based Management (SPBM) profile name." + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." type: "string" volumePath: - description: "Path that identifies vSphere volume vmdk" + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" @@ -5623,7 +5602,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5653,7 +5632,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -5708,7 +5687,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5738,7 +5717,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -5792,7 +5771,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5822,7 +5801,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -5877,7 +5856,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -5907,7 +5886,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -6039,7 +6018,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -6144,7 +6123,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -6377,138 +6356,138 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: - description: "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." properties: cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: - description: "The Name of the data disk in the blob storage" + description: "diskName is the Name of the data disk in the blob storage" type: "string" diskURI: - description: "The URI the data disk in the blob storage" + description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: - description: "AzureFile represents an Azure File Service mount on the host and bind mount to the pod." + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: - description: "the name of secret that contains Azure Storage Account Name and Key" + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" type: "string" shareName: - description: "Share Name" + description: "shareName is the azure share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: - description: "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: - description: "ConfigMap represents a configMap that should populate this volume" + description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -6519,38 +6498,38 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" csi: - description: "CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" readOnly: - description: "Specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: - description: "DownwardAPI represents downward API about the pod that should populate this volume" + description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." @@ -6605,21 +6584,21 @@ spec: type: "array" type: "object" emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -6631,12 +6610,12 @@ spec: description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." properties: accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -6652,7 +6631,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -6668,7 +6647,7 @@ spec: - "name" type: "object" resources: - description: "Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -6690,7 +6669,7 @@ spec: type: "object" type: "object" selector: - description: "A label query over volumes to consider for binding." + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -6720,13 +6699,13 @@ spec: type: "object" type: "object" storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" volumeName: - description: "VolumeName is the binding reference to the PersistentVolume backing this claim." + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" required: @@ -6734,48 +6713,48 @@ spec: type: "object" type: "object" fc: - description: "FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: - description: "Optional: FC target lun number" + description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." properties: driver: - description: "Driver is the name of the driver to use for this volume." + description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: type: "string" - description: "Optional: Extra command options if any." + description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" @@ -6785,119 +6764,119 @@ spec: - "driver" type: "object" flocker: - description: "Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" type: "string" datasetUUID: - description: "UUID of the dataset. This is unique identifier of a Flocker dataset" + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." properties: directory: - description: "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." type: "string" repository: - description: "Repository URL" + description: "repository is the URL" type: "string" revision: - description: "Commit hash for the specified revision." + description: "revision is the commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." properties: path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: - description: "whether support iSCSI Discovery CHAP authentication" + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: - description: "whether support iSCSI Session CHAP authentication" + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." type: "string" iqn: - description: "Target iSCSI Qualified Name." + description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." type: "string" lun: - description: "iSCSI Target Lun number." + description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." type: "boolean" secretRef: - description: "CHAP Secret for iSCSI target and initiator authentication" + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" targetPortal: - description: "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -6905,92 +6884,92 @@ spec: - "targetPortal" type: "object" name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: - description: "PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: - description: "ID that identifies Photon Controller persistent disk" + description: "pdID is the ID that identifies Photon Controller persistent disk" type: "string" required: - "pdID" type: "object" portworxVolume: - description: "PortworxVolume represents a portworx volume attached and mounted on kubelets host machine" + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: - description: "VolumeID uniquely identifies a Portworx volume" + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: - description: "Items for all in one resources secrets, configmaps, and downward API" + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: - description: "list of volume projections" + description: "sources is the list of volume projections" items: description: "Projection that may be projected along with other supported volume types" properties: configMap: - description: "information about the configMap data to project" + description: "configMap information about the configMap data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -7001,11 +6980,11 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" downwardAPI: - description: "information about the downwardAPI data to project" + description: "downwardAPI information about the downwardAPI data to project" properties: items: description: "Items is a list of DownwardAPIVolume file" @@ -7056,22 +7035,22 @@ spec: type: "array" type: "object" secret: - description: "information about the secret data to project" + description: "secret information about the secret data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -7082,21 +7061,21 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the Secret or its key must be defined" + description: "optional field specify whether the Secret or its key must be defined" type: "boolean" type: "object" serviceAccountToken: - description: "information about the serviceAccountToken data to project" + description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." type: "string" expirationSeconds: - description: "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: - description: "Path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the token into." type: "string" required: - "path" @@ -7105,103 +7084,103 @@ spec: type: "array" type: "object" quobyte: - description: "Quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "Group to map volume access to Default is no group" + description: "group to map volume access to Default is no group" type: "string" readOnly: - description: "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." type: "boolean" registry: - description: "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" type: "string" tenant: - description: "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "User to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to Defaults to serivceaccount user" type: "string" volume: - description: "Volume is a string that references an already created Quobyte volume by name." + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: - description: "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: - description: "The host address of the ScaleIO API Gateway." + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" protectionDomain: - description: "The name of the ScaleIO Protection Domain for the configured storage." + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" sslEnabled: - description: "Flag to enable/disable SSL communication with Gateway, default false" + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." type: "string" storagePool: - description: "The ScaleIO Storage Pool associated with the protection domain." + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." type: "string" system: - description: "The name of the storage system as configured in ScaleIO." + description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "The name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" @@ -7209,26 +7188,26 @@ spec: - "system" type: "object" secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -7236,49 +7215,49 @@ spec: type: "object" type: "array" optional: - description: "Specify whether the Secret or its keys must be defined" + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: - description: "StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeName: - description: "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." type: "string" volumeNamespace: - description: "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: - description: "VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: - description: "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" storagePolicyName: - description: "Storage Policy Based Management (SPBM) profile name." + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." type: "string" volumePath: - description: "Path that identifies vSphere volume vmdk" + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" diff --git a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogmonitors.yaml b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogmonitors.yaml index fc3fef876..4d05a1f4f 100644 --- a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogmonitors.yaml +++ b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v1alpha1/datadogmonitors.yaml @@ -75,6 +75,9 @@ spec: description: "Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation." format: "int64" type: "integer" + groupbySimpleMonitor: + description: "A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold." + type: "boolean" includeTags: description: "A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title." type: "boolean" @@ -95,13 +98,25 @@ spec: notifyAudit: description: "A Boolean indicating whether tagged users are notified on changes to this monitor." type: "boolean" + notifyBy: + description: "A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to [\"cluster\"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert." + items: + type: "string" + type: "array" notifyNoData: description: "A Boolean indicating whether this monitor notifies when data stops reporting." type: "boolean" + onMissingData: + description: "An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors" + type: "string" renotifyInterval: description: "The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved." format: "int64" type: "integer" + renotifyOccurrences: + description: "The number of times re-notification messages should be sent on the current status at the provided re-notification interval." + format: "int64" + type: "integer" requireFullWindow: description: "A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false." type: "boolean" diff --git a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml index 4625cbcb1..f203bb157 100644 --- a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml +++ b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml @@ -2,20 +2,9 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - cert-manager.io/inject-ca-from: "$(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)" controller-gen.kubebuilder.io/version: "v0.6.1" name: "datadogagents.datadoghq.com" spec: - conversion: - strategy: "Webhook" - webhook: - clientConfig: - service: - name: "datadog-operator-webhook-service" - namespace: "system" - path: "/convert" - conversionReviewVersions: - - "v1" group: "datadoghq.com" names: kind: "DatadogAgent" @@ -64,6 +53,239 @@ spec: agentCommunicationMode: description: "AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be \"hostip\", \"service\", or \"socket\"." type: "string" + agentSidecarInjection: + description: "AgentSidecarInjection contains Agent sidecar injection configurations." + properties: + clusterAgentCommunicationEnabled: + description: "ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. Default : true" + type: "boolean" + enabled: + description: "Enabled enables Sidecar injections. Default: false" + type: "boolean" + image: + description: "Image overrides the default Agent image name and tag for the Agent sidecar." + properties: + jmxEnabled: + description: "Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string." + type: "boolean" + name: + description: "Define the image to use: Use \"gcr.io/datadoghq/agent:latest\" for Datadog Agent 7. Use \"datadog/dogstatsd:latest\" for standalone Datadog Agent DogStatsD 7. Use \"gcr.io/datadoghq/cluster-agent:latest\" for Datadog Cluster Agent. Use \"agent\" with the registry and tag configurations for /agent:. Use \"cluster-agent\" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured." + type: "string" + pullPolicy: + description: "The Kubernetes pull policy: Use Always, Never, or IfNotPresent." + type: "string" + pullSecrets: + description: "It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod" + items: + description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + type: "array" + tag: + description: "Define the image tag to use. To be used if the Name field does not correspond to a full image string." + type: "string" + type: "object" + profiles: + description: "Profiles define the sidecar configuration override. Only one profile is supported." + items: + description: "Profile defines a sidecar configuration override." + properties: + env: + description: "EnvVars specifies the environment variables for the profile." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + resources: + description: "ResourceRequirements specifies the resource requirements for the profile." + properties: + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + provider: + description: "Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. Currently only \"fargate\" is supported. To use the feature in other environments (including local testing) omit the config. See also: https://docs.datadoghq.com/integrations/eks_fargate" + type: "string" + registry: + description: "Registry overrides the default registry for the sidecar Agent." + type: "string" + selectors: + description: "Selectors define the pod selector for sidecar injection. Only one rule is supported." + items: + description: "Selectors define a pod selector for sidecar injection." + properties: + namespaceSelector: + description: "NamespaceSelector specifies the label selector for namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + objectSelector: + description: "ObjectSelector specifies the label selector for objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + type: "object" + cwsInstrumentation: + description: "CWSInstrumentation holds the CWS Instrumentation endpoint configuration" + properties: + enabled: + description: "Enable the CWS Instrumentation admission controller endpoint. Default: false" + type: "boolean" + mode: + description: "Mode defines the behavior of the CWS Instrumentation endpoint, and can be either \"init_container\" or \"remote_copy\". Default: \"remote_copy\"" + type: "string" + type: "object" enabled: description: "Enabled enables the Admission Controller. Default: true" type: "boolean" @@ -73,6 +295,9 @@ spec: mutateUnlabelled: description: "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'. Default: false" type: "boolean" + registry: + description: "Registry defines an image registry for the admission controller." + type: "string" serviceName: description: "ServiceName corresponds to the webhook service name." type: "string" @@ -97,6 +322,30 @@ spec: format: "int32" type: "integer" type: "object" + instrumentation: + description: "SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false" + properties: + disabledNamespaces: + description: "DisabledNamespaces disables injecting the Datadog APM libraries into pods in specific namespaces." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + enabled: + description: "Enabled enables injecting the Datadog APM libraries into all pods in the cluster. Default: false" + type: "boolean" + enabledNamespaces: + description: "EnabledNamespaces enables injecting the Datadog APM libraries into pods in specific namespaces." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + libVersions: + additionalProperties: + type: "string" + description: "LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. : ex: \"java\": \"v1.18.0\"" + type: "object" + type: "object" unixDomainSocketConfig: description: "UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket`" properties: @@ -108,6 +357,31 @@ spec: type: "string" type: "object" type: "object" + asm: + description: "ASM (Application Security Management) configuration." + properties: + iast: + description: "IAST configures Interactive Application Security Testing. Enabled Default: false" + properties: + enabled: + description: "Enabled enables Interactive Application Security Testing (IAST). Default: false" + type: "boolean" + type: "object" + sca: + description: "SCA configures Software Composition Analysis. Enabled Default: false" + properties: + enabled: + description: "Enabled enables Software Composition Analysis (SCA). Default: false" + type: "boolean" + type: "object" + threats: + description: "Threats configures ASM App & API Protection. Enabled Default: false" + properties: + enabled: + description: "Enabled enables ASM App & API Protection. Default: false" + type: "boolean" + type: "object" + type: "object" clusterChecks: description: "ClusterChecks configuration." properties: @@ -139,14 +413,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -190,14 +464,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -266,14 +540,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -380,6 +654,21 @@ spec: description: "WPAController enables the informer and controller of the Watermark Pod Autoscaler. NOTE: The Watermark Pod Autoscaler controller needs to be installed. See also: https://github.com/DataDog/watermarkpodautoscaler. Default: false" type: "boolean" type: "object" + helmCheck: + description: "HelmCheck configuration." + properties: + collectEvents: + description: "CollectEvents set to `true` enables event collection in the Helm check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) Default: false" + type: "boolean" + enabled: + description: "Enabled enables the Helm check. Default: false" + type: "boolean" + valuesAsTags: + additionalProperties: + type: "string" + description: "ValuesAsTags collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). Default: {}" + type: "object" + type: "object" kubeStateMetricsCore: description: "KubeStateMetricsCore check configuration." properties: @@ -398,14 +687,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -511,14 +800,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -773,6 +1062,112 @@ spec: description: "URL defines the endpoint URL." type: "string" type: "object" + fips: + description: "FIPS contains configuration used to customize the FIPS proxy sidecar." + properties: + customFIPSConfig: + description: "CustomFIPSConfig configures a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used." + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + enabled: + description: "Enable FIPS sidecar." + type: "boolean" + image: + description: "The container image of the FIPS sidecar." + properties: + jmxEnabled: + description: "Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string." + type: "boolean" + name: + description: "Define the image to use: Use \"gcr.io/datadoghq/agent:latest\" for Datadog Agent 7. Use \"datadog/dogstatsd:latest\" for standalone Datadog Agent DogStatsD 7. Use \"gcr.io/datadoghq/cluster-agent:latest\" for Datadog Cluster Agent. Use \"agent\" with the registry and tag configurations for /agent:. Use \"cluster-agent\" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured." + type: "string" + pullPolicy: + description: "The Kubernetes pull policy: Use Always, Never, or IfNotPresent." + type: "string" + pullSecrets: + description: "It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod" + items: + description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + type: "array" + tag: + description: "Define the image tag to use. To be used if the Name field does not correspond to a full image string." + type: "string" + type: "object" + localAddress: + description: "Set the local IP address. Default: `127.0.0.1`" + type: "string" + port: + description: "Port specifies which port is used by the containers to communicate to the FIPS sidecar. Default: 9803" + format: "int32" + type: "integer" + portRange: + description: "PortRange specifies the number of ports used. Default: 15" + format: "int32" + type: "integer" + resources: + description: "Resources is the requests and limits for the FIPS sidecar container." + properties: + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + useHTTPS: + description: "UseHTTPS enables HTTPS. Default: false" + type: "boolean" + type: "object" kubelet: description: "Kubelet contains the kubelet configuration parameters." properties: @@ -918,6 +1313,13 @@ spec: type: "string" description: "Provide a mapping of Kubernetes Node Labels to Datadog Tags. : " type: "object" + originDetectionUnified: + description: "OriginDetectionUnified defines the origin detection unified mechanism behavior." + properties: + enabled: + description: "Enabled enables unified mechanism for origin detection. Default: false" + type: "boolean" + type: "object" podAnnotationsAsTags: additionalProperties: type: "string" @@ -1109,7 +1511,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1139,7 +1541,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -1194,7 +1596,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1224,7 +1626,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -1278,7 +1680,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1308,7 +1710,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -1363,7 +1765,7 @@ spec: type: "object" type: "object" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled." + description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -1393,7 +1795,7 @@ spec: type: "object" type: "object" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"" + description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" @@ -1534,7 +1936,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1642,7 +2044,7 @@ spec: format: "int32" type: "integer" grpc: - description: "GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate." + description: "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate." properties: port: description: "Port number of the gRPC service. Number must be in the range 1 to 65535." @@ -1767,14 +2169,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -1934,14 +2336,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2061,14 +2463,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2100,14 +2502,14 @@ spec: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2295,138 +2697,138 @@ spec: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: - description: "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." properties: cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: - description: "The Name of the data disk in the blob storage" + description: "diskName is the Name of the data disk in the blob storage" type: "string" diskURI: - description: "The URI the data disk in the blob storage" + description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: - description: "AzureFile represents an Azure File Service mount on the host and bind mount to the pod." + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretName: - description: "the name of secret that contains Azure Storage Account Name and Key" + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" type: "string" shareName: - description: "Share Name" + description: "shareName is the azure share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: - description: "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: - description: "ConfigMap represents a configMap that should populate this volume" + description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2437,38 +2839,38 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" csi: - description: "CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" readOnly: - description: "Specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: - description: "DownwardAPI represents downward API about the pod that should populate this volume" + description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." @@ -2523,21 +2925,21 @@ spec: type: "array" type: "object" emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -2549,12 +2951,12 @@ spec: description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." properties: accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -2570,7 +2972,7 @@ spec: - "name" type: "object" dataSourceRef: - description: "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -2586,7 +2988,7 @@ spec: - "name" type: "object" resources: - description: "Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -2608,7 +3010,7 @@ spec: type: "object" type: "object" selector: - description: "A label query over volumes to consider for binding." + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2638,13 +3040,13 @@ spec: type: "object" type: "object" storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." type: "string" volumeName: - description: "VolumeName is the binding reference to the PersistentVolume backing this claim." + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" required: @@ -2652,48 +3054,48 @@ spec: type: "object" type: "object" fc: - description: "FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: - description: "Optional: FC target lun number" + description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." properties: driver: - description: "Driver is the name of the driver to use for this volume." + description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: type: "string" - description: "Optional: Extra command options if any." + description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" @@ -2703,119 +3105,119 @@ spec: - "driver" type: "object" flocker: - description: "Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" type: "string" datasetUUID: - description: "UUID of the dataset. This is unique identifier of a Flocker dataset" + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." properties: directory: - description: "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." type: "string" repository: - description: "Repository URL" + description: "repository is the URL" type: "string" revision: - description: "Commit hash for the specified revision." + description: "revision is the commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." properties: path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: - description: "whether support iSCSI Discovery CHAP authentication" + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: - description: "whether support iSCSI Session CHAP authentication" + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." type: "string" iqn: - description: "Target iSCSI Qualified Name." + description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." type: "string" lun: - description: "iSCSI Target Lun number." + description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." type: "boolean" secretRef: - description: "CHAP Secret for iSCSI target and initiator authentication" + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" targetPortal: - description: "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -2823,92 +3225,92 @@ spec: - "targetPortal" type: "object" name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: - description: "PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: - description: "ID that identifies Photon Controller persistent disk" + description: "pdID is the ID that identifies Photon Controller persistent disk" type: "string" required: - "pdID" type: "object" portworxVolume: - description: "PortworxVolume represents a portworx volume attached and mounted on kubelets host machine" + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" volumeID: - description: "VolumeID uniquely identifies a Portworx volume" + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: - description: "Items for all in one resources secrets, configmaps, and downward API" + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: - description: "list of volume projections" + description: "sources is the list of volume projections" items: description: "Projection that may be projected along with other supported volume types" properties: configMap: - description: "information about the configMap data to project" + description: "configMap information about the configMap data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -2919,11 +3321,11 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the ConfigMap or its keys must be defined" + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" downwardAPI: - description: "information about the downwardAPI data to project" + description: "downwardAPI information about the downwardAPI data to project" properties: items: description: "Items is a list of DownwardAPIVolume file" @@ -2974,22 +3376,22 @@ spec: type: "array" type: "object" secret: - description: "information about the secret data to project" + description: "secret information about the secret data to project" properties: items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -3000,21 +3402,21 @@ spec: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: - description: "Specify whether the Secret or its key must be defined" + description: "optional field specify whether the Secret or its key must be defined" type: "boolean" type: "object" serviceAccountToken: - description: "information about the serviceAccountToken data to project" + description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." type: "string" expirationSeconds: - description: "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." format: "int64" type: "integer" path: - description: "Path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the token into." type: "string" required: - "path" @@ -3023,103 +3425,103 @@ spec: type: "array" type: "object" quobyte: - description: "Quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "Group to map volume access to Default is no group" + description: "group to map volume access to Default is no group" type: "string" readOnly: - description: "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." type: "boolean" registry: - description: "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" type: "string" tenant: - description: "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "User to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to Defaults to serivceaccount user" type: "string" volume: - description: "Volume is a string that references an already created Quobyte volume by name." + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: - description: "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." type: "string" gateway: - description: "The host address of the ScaleIO API Gateway." + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" protectionDomain: - description: "The name of the ScaleIO Protection Domain for the configured storage." + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" sslEnabled: - description: "Flag to enable/disable SSL communication with Gateway, default false" + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." type: "string" storagePool: - description: "The ScaleIO Storage Pool associated with the protection domain." + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." type: "string" system: - description: "The name of the storage system as configured in ScaleIO." + description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "The name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." type: "string" required: - "gateway" @@ -3127,26 +3529,26 @@ spec: - "system" type: "object" secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: key: - description: "The key to project." + description: "key is the key to project." type: "string" mode: - description: "Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." type: "string" required: - "key" @@ -3154,49 +3556,49 @@ spec: type: "object" type: "array" optional: - description: "Specify whether the Secret or its keys must be defined" + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: - description: "StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." properties: name: description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" volumeName: - description: "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." type: "string" volumeNamespace: - description: "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: - description: "VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: - description: "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" storagePolicyName: - description: "Storage Policy Based Management (SPBM) profile name." + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." type: "string" volumePath: - description: "Path that identifies vSphere volume vmdk" + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" @@ -3444,6 +3846,920 @@ spec: x-kubernetes-list-map-keys: - "type" x-kubernetes-list-type: "map" + remoteConfigConfiguration: + description: "RemoteConfigConfiguration stores the configuration received from RemoteConfig." + properties: + features: + description: "DatadogFeatures are features running on the Agent and Cluster Agent." + properties: + admissionController: + description: "AdmissionController configuration." + properties: + agentCommunicationMode: + description: "AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be \"hostip\", \"service\", or \"socket\"." + type: "string" + agentSidecarInjection: + description: "AgentSidecarInjection contains Agent sidecar injection configurations." + properties: + clusterAgentCommunicationEnabled: + description: "ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. Default : true" + type: "boolean" + enabled: + description: "Enabled enables Sidecar injections. Default: false" + type: "boolean" + image: + description: "Image overrides the default Agent image name and tag for the Agent sidecar." + properties: + jmxEnabled: + description: "Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string." + type: "boolean" + name: + description: "Define the image to use: Use \"gcr.io/datadoghq/agent:latest\" for Datadog Agent 7. Use \"datadog/dogstatsd:latest\" for standalone Datadog Agent DogStatsD 7. Use \"gcr.io/datadoghq/cluster-agent:latest\" for Datadog Cluster Agent. Use \"agent\" with the registry and tag configurations for /agent:. Use \"cluster-agent\" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured." + type: "string" + pullPolicy: + description: "The Kubernetes pull policy: Use Always, Never, or IfNotPresent." + type: "string" + pullSecrets: + description: "It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod" + items: + description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + type: "array" + tag: + description: "Define the image tag to use. To be used if the Name field does not correspond to a full image string." + type: "string" + type: "object" + profiles: + description: "Profiles define the sidecar configuration override. Only one profile is supported." + items: + description: "Profile defines a sidecar configuration override." + properties: + env: + description: "EnvVars specifies the environment variables for the profile." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + resources: + description: "ResourceRequirements specifies the resource requirements for the profile." + properties: + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + provider: + description: "Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. Currently only \"fargate\" is supported. To use the feature in other environments (including local testing) omit the config. See also: https://docs.datadoghq.com/integrations/eks_fargate" + type: "string" + registry: + description: "Registry overrides the default registry for the sidecar Agent." + type: "string" + selectors: + description: "Selectors define the pod selector for sidecar injection. Only one rule is supported." + items: + description: "Selectors define a pod selector for sidecar injection." + properties: + namespaceSelector: + description: "NamespaceSelector specifies the label selector for namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + objectSelector: + description: "ObjectSelector specifies the label selector for objects." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + type: "object" + cwsInstrumentation: + description: "CWSInstrumentation holds the CWS Instrumentation endpoint configuration" + properties: + enabled: + description: "Enable the CWS Instrumentation admission controller endpoint. Default: false" + type: "boolean" + mode: + description: "Mode defines the behavior of the CWS Instrumentation endpoint, and can be either \"init_container\" or \"remote_copy\". Default: \"remote_copy\"" + type: "string" + type: "object" + enabled: + description: "Enabled enables the Admission Controller. Default: true" + type: "boolean" + failurePolicy: + description: "FailurePolicy determines how unrecognized and timeout errors are handled." + type: "string" + mutateUnlabelled: + description: "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'. Default: false" + type: "boolean" + registry: + description: "Registry defines an image registry for the admission controller." + type: "string" + serviceName: + description: "ServiceName corresponds to the webhook service name." + type: "string" + webhookName: + description: "WebhookName is a custom name for the MutatingWebhookConfiguration. Default: \"datadog-webhook\"" + type: "string" + type: "object" + apm: + description: "APM (Application Performance Monitoring) configuration." + properties: + enabled: + description: "Enabled enables Application Performance Monitoring. Default: true" + type: "boolean" + hostPortConfig: + description: "HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8126" + properties: + enabled: + description: "Enabled enables host port configuration Default: false" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" + instrumentation: + description: "SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false" + properties: + disabledNamespaces: + description: "DisabledNamespaces disables injecting the Datadog APM libraries into pods in specific namespaces." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + enabled: + description: "Enabled enables injecting the Datadog APM libraries into all pods in the cluster. Default: false" + type: "boolean" + enabledNamespaces: + description: "EnabledNamespaces enables injecting the Datadog APM libraries into pods in specific namespaces." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + libVersions: + additionalProperties: + type: "string" + description: "LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. : ex: \"java\": \"v1.18.0\"" + type: "object" + type: "object" + unixDomainSocketConfig: + description: "UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket`" + properties: + enabled: + description: "Enabled enables Unix Domain Socket. Default: true" + type: "boolean" + path: + description: "Path defines the socket path used when enabled." + type: "string" + type: "object" + type: "object" + asm: + description: "ASM (Application Security Management) configuration." + properties: + iast: + description: "IAST configures Interactive Application Security Testing. Enabled Default: false" + properties: + enabled: + description: "Enabled enables Interactive Application Security Testing (IAST). Default: false" + type: "boolean" + type: "object" + sca: + description: "SCA configures Software Composition Analysis. Enabled Default: false" + properties: + enabled: + description: "Enabled enables Software Composition Analysis (SCA). Default: false" + type: "boolean" + type: "object" + threats: + description: "Threats configures ASM App & API Protection. Enabled Default: false" + properties: + enabled: + description: "Enabled enables ASM App & API Protection. Default: false" + type: "boolean" + type: "object" + type: "object" + clusterChecks: + description: "ClusterChecks configuration." + properties: + enabled: + description: "Enables Cluster Checks scheduling in the Cluster Agent. Default: true" + type: "boolean" + useClusterChecksRunners: + description: "Enabled enables Cluster Checks Runners to run all Cluster Checks. Default: false" + type: "boolean" + type: "object" + cspm: + description: "CSPM (Cloud Security Posture Management) configuration." + properties: + checkInterval: + description: "CheckInterval defines the check interval." + type: "string" + customBenchmarks: + description: "CustomBenchmarks contains CSPM benchmarks. The content of the ConfigMap will be merged with the benchmarks bundled with the agent. Any benchmarks with the same name as those existing in the agent will take precedence." + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + enabled: + description: "Enabled enables Cloud Security Posture Management. Default: false" + type: "boolean" + hostBenchmarks: + description: "HostBenchmarks contains configuration for host benchmarks." + properties: + enabled: + description: "Enabled enables host benchmarks. Default: false" + type: "boolean" + type: "object" + type: "object" + cws: + description: "CWS (Cloud Workload Security) configuration." + properties: + customPolicies: + description: "CustomPolicies contains security policies. The content of the ConfigMap will be merged with the policies bundled with the agent. Any policies with the same name as those existing in the agent will take precedence." + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + enabled: + description: "Enabled enables Cloud Workload Security. Default: false" + type: "boolean" + network: + properties: + enabled: + description: "Enabled enables Cloud Workload Security Network detections. Default: true" + type: "boolean" + type: "object" + remoteConfiguration: + properties: + enabled: + description: "Enabled enables Remote Configuration for Cloud Workload Security. Default: true" + type: "boolean" + type: "object" + securityProfiles: + properties: + enabled: + description: "Enabled enables Security Profiles collection for Cloud Workload Security. Default: true" + type: "boolean" + type: "object" + syscallMonitorEnabled: + description: "SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only). Default: false" + type: "boolean" + type: "object" + dogstatsd: + description: "Dogstatsd configuration." + properties: + hostPortConfig: + description: "HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8125" + properties: + enabled: + description: "Enabled enables host port configuration Default: false" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" + mapperProfiles: + description: "Configure the Dogstasd Mapper Profiles. Can be passed as raw data or via a json encoded string in a config map. See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/" + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + originDetectionEnabled: + description: "OriginDetectionEnabled enables origin detection for container tagging. See also: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging" + type: "boolean" + tagCardinality: + description: "TagCardinality configures tag cardinality for the metrics collected using origin detection (`low`, `orchestrator` or `high`). See also: https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables Cardinality default: low" + type: "string" + unixDomainSocketConfig: + description: "UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/dsd.socket`" + properties: + enabled: + description: "Enabled enables Unix Domain Socket. Default: true" + type: "boolean" + path: + description: "Path defines the socket path used when enabled." + type: "string" + type: "object" + type: "object" + ebpfCheck: + description: "EBPFCheck configuration." + properties: + enabled: + description: "Enables the eBPF check. Default: false" + type: "boolean" + type: "object" + eventCollection: + description: "EventCollection configuration." + properties: + collectKubernetesEvents: + description: "CollectKubernetesEvents enables Kubernetes event collection. Default: true" + type: "boolean" + type: "object" + externalMetricsServer: + description: "ExternalMetricsServer configuration." + properties: + enabled: + description: "Enabled enables the External Metrics Server. Default: false" + type: "boolean" + endpoint: + description: "Override the API endpoint for the External Metrics Server. URL Default: \"https://app.datadoghq.com\"." + properties: + credentials: + description: "Credentials defines the Datadog credentials used to submit data to/query data from Datadog." + properties: + apiKey: + description: "APIKey configures your Datadog API key. See also: https://app.datadoghq.com/account/settings#agent/kubernetes" + type: "string" + apiSecret: + description: "APISecret references an existing Secret which stores the API key instead of creating a new one. If set, this parameter takes precedence over \"APIKey\"." + properties: + keyName: + description: "KeyName is the key of the secret to use." + type: "string" + secretName: + description: "SecretName is the name of the secret." + type: "string" + required: + - "secretName" + type: "object" + appKey: + description: "AppKey configures your Datadog application key. If you are using features.externalMetricsServer.enabled = true, you must set a Datadog application key for read access to your metrics." + type: "string" + appSecret: + description: "AppSecret references an existing Secret which stores the application key instead of creating a new one. If set, this parameter takes precedence over \"AppKey\"." + properties: + keyName: + description: "KeyName is the key of the secret to use." + type: "string" + secretName: + description: "SecretName is the name of the secret." + type: "string" + required: + - "secretName" + type: "object" + type: "object" + url: + description: "URL defines the endpoint URL." + type: "string" + type: "object" + port: + description: "Port specifies the metricsProvider External Metrics Server service port. Default: 8443" + format: "int32" + type: "integer" + registerAPIService: + description: "RegisterAPIService registers the External Metrics endpoint as an APIService Default: true" + type: "boolean" + useDatadogMetrics: + description: "UseDatadogMetrics enables usage of the DatadogMetrics CRD (allowing one to scale on arbitrary Datadog metric queries). Default: true" + type: "boolean" + wpaController: + description: "WPAController enables the informer and controller of the Watermark Pod Autoscaler. NOTE: The Watermark Pod Autoscaler controller needs to be installed. See also: https://github.com/DataDog/watermarkpodautoscaler. Default: false" + type: "boolean" + type: "object" + helmCheck: + description: "HelmCheck configuration." + properties: + collectEvents: + description: "CollectEvents set to `true` enables event collection in the Helm check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) Default: false" + type: "boolean" + enabled: + description: "Enabled enables the Helm check. Default: false" + type: "boolean" + valuesAsTags: + additionalProperties: + type: "string" + description: "ValuesAsTags collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). Default: {}" + type: "object" + type: "object" + kubeStateMetricsCore: + description: "KubeStateMetricsCore check configuration." + properties: + conf: + description: "Conf overrides the configuration for the default Kubernetes State Metrics Core check. This must point to a ConfigMap containing a valid cluster check configuration." + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + enabled: + description: "Enabled enables Kube State Metrics Core. Default: true" + type: "boolean" + type: "object" + liveContainerCollection: + description: "LiveContainerCollection configuration." + properties: + enabled: + description: "Enables container collection for the Live Container View. Default: true" + type: "boolean" + type: "object" + liveProcessCollection: + description: "LiveProcessCollection configuration." + properties: + enabled: + description: "Enabled enables Process monitoring. Default: false" + type: "boolean" + scrubProcessArguments: + description: "ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). Default: true" + type: "boolean" + stripProcessArguments: + description: "StripProcessArguments enables stripping of all process arguments. Default: false" + type: "boolean" + type: "object" + logCollection: + description: "LogCollection configuration." + properties: + containerCollectAll: + description: "ContainerCollectAll enables Log collection from all containers. Default: false" + type: "boolean" + containerCollectUsingFiles: + description: "ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default: true" + type: "boolean" + containerLogsPath: + description: "ContainerLogsPath allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Default: `/var/lib/docker/containers`" + type: "string" + containerSymlinksPath: + description: "ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod. Default: `/var/log/containers`" + type: "string" + enabled: + description: "Enabled enables Log collection. Default: false" + type: "boolean" + openFilesLimit: + description: "OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails. Increasing this limit can increase resource consumption of the Agent. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default: 100" + format: "int32" + type: "integer" + podLogsPath: + description: "PodLogsPath allows log collection from a pod log path. Default: `/var/log/pods`" + type: "string" + tempStoragePath: + description: "TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files. If the Agent is restarted, it starts tailing the log files immediately. Default: `/var/lib/datadog-agent/logs`" + type: "string" + type: "object" + npm: + description: "NPM (Network Performance Monitoring) configuration." + properties: + collectDNSStats: + description: "CollectDNSStats enables DNS stat collection. Default: false" + type: "boolean" + enableConntrack: + description: "EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. See also: http://conntrack-tools.netfilter.org/ Default: false" + type: "boolean" + enabled: + description: "Enabled enables Network Performance Monitoring. Default: false" + type: "boolean" + type: "object" + oomKill: + description: "OOMKill configuration." + properties: + enabled: + description: "Enables the OOMKill eBPF-based check. Default: false" + type: "boolean" + type: "object" + orchestratorExplorer: + description: "OrchestratorExplorer check configuration." + properties: + conf: + description: "Conf overrides the configuration for the default Orchestrator Explorer check. This must point to a ConfigMap containing a valid cluster check configuration." + properties: + configData: + description: "ConfigData corresponds to the configuration file content." + type: "string" + configMap: + description: "ConfigMap references an existing ConfigMap with the configuration file content." + properties: + items: + description: "Items maps a ConfigMap data `key` to a file `path` mount." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "key" + x-kubernetes-list-type: "map" + name: + description: "Name is the name of the ConfigMap." + type: "string" + type: "object" + type: "object" + customResources: + description: "`CustomResources` defines custom resources for the orchestrator explorer to collect. Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + ddUrl: + description: "Override the API endpoint for the Orchestrator Explorer. URL Default: \"https://orchestrator.datadoghq.com\"." + type: "string" + enabled: + description: "Enabled enables the Orchestrator Explorer. Default: true" + type: "boolean" + extraTags: + description: "Additional tags to associate with the collected data in the form of `a b c`. This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + scrubContainers: + description: "ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc. ). Default: true" + type: "boolean" + type: "object" + otlp: + description: "OTLP ingest configuration" + properties: + receiver: + description: "Receiver contains configuration for the OTLP ingest receiver." + properties: + protocols: + description: "Protocols contains configuration for the OTLP ingest receiver protocols." + properties: + grpc: + description: "GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver." + properties: + enabled: + description: "Enable the OTLP/gRPC endpoint." + type: "boolean" + endpoint: + description: "Endpoint for OTLP/gRPC. gRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md The Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`). Default: `0.0.0.0:4317`." + type: "string" + type: "object" + http: + description: "HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver." + properties: + enabled: + description: "Enable the OTLP/HTTP endpoint." + type: "boolean" + endpoint: + description: "Endpoint for OTLP/HTTP. Default: '0.0.0.0:4318'." + type: "string" + type: "object" + type: "object" + type: "object" + type: "object" + processDiscovery: + description: "ProcessDiscovery configuration." + properties: + enabled: + description: "Enabled enables the Process Discovery check in the Agent. Default: true" + type: "boolean" + type: "object" + prometheusScrape: + description: "PrometheusScrape configuration." + properties: + additionalConfigs: + description: "AdditionalConfigs allows adding advanced Prometheus check configurations with custom discovery rules." + type: "string" + enableServiceEndpoints: + description: "EnableServiceEndpoints enables generating dedicated checks for service endpoints. Default: false" + type: "boolean" + enabled: + description: "Enable autodiscovery of pods and services exposing Prometheus metrics. Default: false" + type: "boolean" + version: + description: "Version specifies the version of the OpenMetrics check. Default: 2" + type: "integer" + type: "object" + remoteConfiguration: + description: "Remote Configuration configuration." + properties: + enabled: + description: "Enable this option to activate Remote Configuration. Default: true" + type: "boolean" + type: "object" + sbom: + description: "SBOM collection configuration." + properties: + containerImage: + description: "SBOMTypeConfig contains configuration for a SBOM collection type." + properties: + analyzers: + description: "Analyzers to use for SBOM collection." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + enabled: + description: "Enable this option to activate SBOM collection. Default: false" + type: "boolean" + type: "object" + enabled: + description: "Enable this option to activate SBOM collection. Default: false" + type: "boolean" + host: + description: "SBOMTypeConfig contains configuration for a SBOM collection type." + properties: + analyzers: + description: "Analyzers to use for SBOM collection." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + enabled: + description: "Enable this option to activate SBOM collection. Default: false" + type: "boolean" + type: "object" + type: "object" + tcpQueueLength: + description: "TCPQueueLength configuration." + properties: + enabled: + description: "Enables the TCP queue length eBPF-based check. Default: false" + type: "boolean" + type: "object" + usm: + description: "USM (Universal Service Monitoring) configuration." + properties: + enabled: + description: "Enabled enables Universal Service Monitoring. Default: false" + type: "boolean" + type: "object" + type: "object" + type: "object" type: "object" type: "object" served: true diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index abdca0ba9..27c2b9b11 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml @@ -899,6 +899,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -1132,6 +1140,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: @@ -2428,6 +2440,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -2661,6 +2681,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml index d57eeece2..402c34931 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml @@ -800,6 +800,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -1033,6 +1041,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: @@ -2237,6 +2249,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -2470,6 +2490,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index e6ff6715d..eb23645b9 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -4293,6 +4293,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -4526,6 +4534,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index 9bd06db6b..e91c38cf9 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -4284,6 +4284,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -4517,6 +4525,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml index c5d45e4ff..106e98bdc 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1alpha1/kameletbindings.yaml @@ -4286,6 +4286,14 @@ spec: - "Prefix" - "ImplementationSpecific" type: "string" + tlsHosts: + description: "To configure tls hosts" + items: + type: "string" + type: "array" + tlsSecretName: + description: "To configure tls secret name" + type: "string" type: "object" istio: description: "The configuration of Istio trait" @@ -4519,6 +4527,10 @@ spec: rolloutDuration: description: "Enables to gradually shift traffic to the latest Revision and sets the rollout duration. It's disabled by default and must be expressed as a Golang `time.Duration` string representation, rounded to a second precision." type: "string" + timeoutSeconds: + description: "The maximum duration in seconds that the request instance is allowed to respond to a request. This field propagates to the integration pod's terminationGracePeriodSeconds \n Refer to the Knative documentation for more information." + format: "int64" + type: "integer" visibility: description: "Setting `cluster-local`, Knative service becomes a private service. Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. \n Refer to the Knative documentation for more information." enum: diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml index f31df8396..2cc8ca815 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml @@ -170,6 +170,11 @@ spec: type: "array" x-kubernetes-list-type: "set" type: "object" + annotations: + additionalProperties: + type: "string" + description: "Specifies Annotations to override or add for underlying Pods." + type: "object" componentDef: description: "References the name of a ComponentDefinition object.\nThe ComponentDefinition specifies the behavior and characteristics of the Component.\nIf both `componentDefRef` and `componentDef` are provided,\nthe `componentDef` will take precedence over `componentDefRef`." maxLength: 64 @@ -181,6 +186,7 @@ spec: pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" type: "string" configs: + description: "Specifies the configuration content of a config template." items: description: "ClusterComponentConfig represents a config with its source bound." properties: @@ -233,6 +239,90 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + env: + description: "List of environment variables to add.\nThese environment variables will be placed after the environment variables declared in the Pod." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" instances: description: "Allows for the customization of configuration values for each instance within a Component.\nAn instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps).\nWhile instances typically share a common configuration as defined in the ClusterComponentSpec,\nthey can require unique settings in various scenarios:\n\n\nFor example:\n- A database Component might require different resource allocations for primary and secondary instances,\n with primaries needing more resources.\n- During a rolling upgrade, a Component may first update the image for one or a few instances,\n and then update the remaining instances after verifying that the updated instances are functioning correctly.\n\n\nInstanceTemplate allows for specifying these unique configurations per instance.\nEach instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal),\nstarting with an ordinal of 0.\nIt is crucial to maintain unique names for each InstanceTemplate to avoid conflicts.\n\n\nThe sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component.\nAny remaining replicas will be generated using the default template and will follow the default naming rules." items: @@ -2068,6 +2158,11 @@ spec: required: - "name" type: "object" + labels: + additionalProperties: + type: "string" + description: "Specifies Labels to override or add for underlying Pods." + type: "object" monitor: description: "Deprecated since v0.9\nDetermines whether metrics exporter information is annotated on the Component's headless Service.\n\n\nIf set to true, the following annotations will be patched into the Service:\n\n\n- \"monitor.kubeblocks.io/path\"\n- \"monitor.kubeblocks.io/port\"\n- \"monitor.kubeblocks.io/scheme\"\n\n\nThese annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." type: "boolean" @@ -3105,3223 +3200,5196 @@ spec: - "name" type: "object" type: "array" - required: - - "replicas" - type: "object" - maxItems: 128 - minItems: 1 - type: "array" - x-kubernetes-validations: - - message: "duplicated component" - rule: "self.all(x, size(self.filter(c, c.name == x.name)) == 1)" - - message: "two kinds of definition API can not be used simultaneously" - rule: "self.all(x, size(self.filter(c, has(c.componentDef))) == 0) || self.all(x, size(self.filter(c, has(c.componentDef))) == size(self))" - network: - description: "The configuration of network.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - properties: - hostNetworkAccessible: - default: false - description: "Indicates whether the host network can be accessed. By default, this is set to false." - type: "boolean" - publiclyAccessible: - default: false - description: "Indicates whether the network is accessible to the public. By default, this is set to false." - type: "boolean" - type: "object" - replicas: - description: "Specifies the replicas of the first componentSpec, if the replicas of the first componentSpec is specified,\nthis value will be ignored.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - format: "int32" - type: "integer" - resources: - description: "Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified,\nthis value will be ignored.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - properties: - cpu: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the amount of CPU resource the Cluster needs.\nFor more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - memory: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the amount of memory resource the Cluster needs.\nFor more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - type: "object" - runtimeClassName: - description: "Specifies runtimeClassName for all Pods managed by this Cluster." - type: "string" - schedulingPolicy: - description: "Specifies the scheduling policy for the Cluster." - properties: - affinity: - description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." - properties: - nodeAffinity: - description: "Describes node affinity scheduling rules for the pod." + volumes: + description: "List of volumes to override." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." - items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." - properties: - preference: - description: "A node selector term, associated with the corresponding weight." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" - weight: - description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." - format: "int32" - type: "integer" - required: - - "preference" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: - nodeSelectorTerms: - description: "Required. A list of node selector terms. The terms are ORed." - items: - description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" required: - - "nodeSelectorTerms" + - "volumeID" type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - podAffinity: - description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" required: - - "topologyKey" + - "path" type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." - items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: - key: - description: "key is the label key that the selector applies to." + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" required: - - "key" - - "operator" + - "kind" + - "name" type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: - key: - description: "key is the label key that the selector applies to." + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + kind: + description: "Kind is the type of resource being referenced" type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: - type: "string" + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" type: "array" - required: - - "key" - - "operator" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" type: "object" - type: "array" - matchLabels: - additionalProperties: + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: + volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + properties: + directory: + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + properties: + path: + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + items: type: "string" - required: - - "topologyKey" - type: "object" - type: "array" - type: "object" - podAntiAffinity: - description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." + configMap: + description: "configMap information about the configMap data to project" properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + description: "Maps a string key to a path within a volume." properties: key: - description: "key is the label key that the selector applies to." + description: "key is the key to project." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" required: - "key" - - "operator" + - "path" type: "object" type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" type: "object" x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "Items is a list of DownwardAPIVolume file" items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." properties: key: - description: "key is the label key that the selector applies to." + description: "key is the key to project." type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" required: - "key" - - "operator" + - "path" type: "object" type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." - items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the\ntoken into." + type: "string" + required: + - "path" type: "object" type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to\nDefault is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to\nDefaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" - type: "array" - type: "object" - type: "object" - nodeName: - description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: "object" - x-kubernetes-map-type: "atomic" - schedulerName: - description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." - type: "string" - tolerations: - description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" - topologySpreadConstraints: - description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." - items: - description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." - properties: - labelSelector: - description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" type: "object" - type: "array" - matchLabels: - additionalProperties: + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." - format: "int32" - type: "integer" - minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." - format: "int32" - type: "integer" - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: "string" - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: "string" - topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." - type: "string" - whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." - type: "string" - required: - - "maxSkew" - - "topologyKey" - - "whenUnsatisfiable" - type: "object" - type: "array" - type: "object" - services: - description: "Defines a list of additional Services that are exposed by a Cluster.\nThis field allows Services of selected Components, either from `componentSpecs` or `shardingSpecs` to be exposed,\nalongside Services defined with ComponentService.\n\n\nServices defined here can be referenced by other clusters using the ServiceRefClusterSelector." - items: - description: "ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it.\nFor example, external applications, or other Clusters.\nAnd another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService\nusing the `serviceRef` field.\n\n\nWhen a Component needs to access another Cluster's ClusterService using the `serviceRef` field,\nit must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations`\nsection." - properties: - annotations: - additionalProperties: - type: "string" - description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." - type: "object" - componentSelector: - description: "Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service.\nNote that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously." - type: "string" - name: - description: "Name defines the name of the service.\notherwise, it indicates the name of the service.\nOthers can refer to this service by its name. (e.g., connection credential)\nCannot be updated." - maxLength: 25 - type: "string" - roleSelector: - description: "Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service.\nWhen `roleSelector` is set, it adds a label selector \"kubeblocks.io/role: {roleSelector}\"\nto the `serviceSpec.selector`.\nExample usage:\n\n\n\t roleSelector: \"leader\"\n\n\nIn this example, setting `roleSelector` to \"leader\" will add a label selector\n\"kubeblocks.io/role: leader\" to the `serviceSpec.selector`.\nThis means that the service will select and route traffic to Pods with the label\n\"kubeblocks.io/role\" set to \"leader\".\n\n\nNote that if `podService` sets to true, RoleSelector will be ignored.\nThe `podService` flag takes precedence over `roleSelector` and generates a service for each Pod." - type: "string" - serviceName: - description: "ServiceName defines the name of the underlying service object.\nIf not specified, the default service name with different patterns will be used:\n\n\n- CLUSTER_NAME: for cluster-level services\n- CLUSTER_NAME-COMPONENT_NAME: for component-level services\n\n\nOnly one default service name is allowed.\nCannot be updated." - maxLength: 25 - pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" - type: "string" - shardingSelector: - description: "Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in\n`cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service.\nNote that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously." - type: "string" - spec: - description: "Spec defines the behavior of a service.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - allocateLoadBalancerNodePorts: - description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type." - type: "boolean" - clusterIP: - description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: "string" - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - externalIPs: - description: "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system." - items: - type: "string" - type: "array" - externalName: - description: "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." - type: "string" - externalTrafficPolicy: - description: "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node." - type: "string" - healthCheckNodePort: - description: "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set." - format: "int32" - type: "integer" - internalTrafficPolicy: - description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." - type: "string" - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." - items: - description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - ipFamilyPolicy: - description: "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName." - type: "string" - loadBalancerClass: - description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." - type: "string" - loadBalancerIP: - description: "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available." - type: "string" - loadBalancerSourceRanges: - description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" - items: - type: "string" - type: "array" - ports: - description: "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - description: "ServicePort contains information on service's port." + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: - appProtocol: - description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + fsType: + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" - name: - description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" - nodePort: - description: "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport" - format: "int32" - type: "integer" - port: - description: "The port that will be exposed by this service." - format: "int32" - type: "integer" - protocol: - default: "TCP" - description: "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP." + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" - targetPort: - anyOf: - - type: "integer" - - type: "string" - description: "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" - x-kubernetes-int-or-string: true required: - - "port" + - "volumePath" type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "port" - - "protocol" - x-kubernetes-list-type: "map" - publishNotReadyAddresses: - description: "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior." - type: "boolean" - selector: - additionalProperties: - type: "string" - description: "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" - type: "object" - x-kubernetes-map-type: "atomic" - sessionAffinity: - description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: "string" - sessionAffinityConfig: - description: "sessionAffinityConfig contains the configurations of session affinity." - properties: - clientIP: - description: "clientIP contains the configurations of Client IP based session affinity." - properties: - timeoutSeconds: - description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours)." - format: "int32" - type: "integer" - type: "object" - type: "object" - type: - description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" - type: "string" - type: "object" + required: + - "name" + type: "object" + type: "array" required: - - "name" + - "replicas" type: "object" + maxItems: 128 + minItems: 1 type: "array" - x-kubernetes-preserve-unknown-fields: true - shardingSpecs: - description: "Specifies a list of ShardingSpec objects that manage the sharding topology for Cluster Components.\nEach ShardingSpec organizes components into shards, with each shard corresponding to a Component.\nComponents within a shard are all based on a common ClusterComponentSpec template, ensuring uniform configurations.\n\n\nThis field supports dynamic resharding by facilitating the addition or removal of shards\nthrough the `shards` field in ShardingSpec.\n\n\nNote: `shardingSpecs` and `componentSpecs` cannot both be empty; at least one must be defined to configure a Cluster." - items: - description: "ShardingSpec defines how KubeBlocks manage dynamic provisioned shards.\nA typical design pattern for distributed databases is to distribute data across multiple shards,\nwith each shard consisting of multiple replicas.\nTherefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components\nusing a template when shards are added.\nWhen shards are removed, the corresponding Components are also deleted." - properties: - name: - description: "Represents the common parent part of all shard names.\nThis identifier is included as part of the Service DNS name and must comply with IANA service naming rules.\nIt is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`.\nShardID is a random string that is appended to the Name to generate unique identifiers for each shard.\nFor example, if the sharding specification name is \"my-shard\" and the ShardID is \"abc\", the resulting Component name\nwould be \"my-shard-abc\".\n\n\nNote that the name defined in Component template(`shardingSpec.template.name`) will be disregarded\nwhen generating the Component names of the shards. The `shardingSpec.name` field takes precedence." - maxLength: 15 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - x-kubernetes-validations: - - message: "name is immutable" - rule: "self == oldSelf" - shards: - description: "Specifies the desired number of shards.\nUsers can declare the desired number of shards through this field.\nKubeBlocks dynamically creates and deletes Components based on the difference\nbetween the desired and actual number of shards.\nKubeBlocks provides lifecycle management for sharding, including:\n\n\n- Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases.\n This allows for custom actions to be performed after a new shard is provisioned.\n- Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases.\n This enables custom cleanup or data migration tasks to be executed before a shard is terminated.\n Resources and data associated with the corresponding Component will also be deleted." - format: "int32" - maximum: 2048.0 - minimum: 0.0 - type: "integer" - template: - description: "The template for generating Components for shards, where each shard consists of one Component.\nThis field is of type ClusterComponentSpec, which encapsulates all the required details and\ndefinitions for creating and managing the Components.\nKubeBlocks uses this template to generate a set of identical Components or shards.\nAll the generated Components will have the same specifications and definitions as specified in the `template` field.\n\n\nThis allows for the creation of multiple Components with consistent configurations,\nenabling sharding and distribution of workloads across Components." - properties: - affinity: - description: "Specifies a group of affinity scheduling rules for the Component.\nIt allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster.\n\n\nDeprecated since v0.10, replaced by the `schedulingPolicy` field." - properties: - nodeLabels: - additionalProperties: - type: "string" - description: "Indicates the node labels that must be present on nodes for pods to be scheduled on them.\nIt is a map where the keys are the label keys and the values are the corresponding label values.\nPods will only be scheduled on nodes that have all the specified labels with the corresponding values.\n\n\nFor example, if NodeLabels is set to {\"nodeType\": \"ssd\", \"environment\": \"production\"},\npods will only be scheduled on nodes that have both the \"nodeType\" label with value \"ssd\"\nand the \"environment\" label with value \"production\".\n\n\nThis field allows users to control Pod placement based on specific node labels.\nIt can be used to ensure that Pods are scheduled on nodes with certain characteristics,\nsuch as specific hardware (e.g., SSD), environment (e.g., production, staging),\nor any other custom labels assigned to nodes." + x-kubernetes-validations: + - message: "duplicated component" + rule: "self.all(x, size(self.filter(c, c.name == x.name)) == 1)" + - message: "two kinds of definition API can not be used simultaneously" + rule: "self.all(x, size(self.filter(c, has(c.componentDef))) == 0) || self.all(x, size(self.filter(c, has(c.componentDef))) == size(self))" + network: + description: "The configuration of network.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." + properties: + hostNetworkAccessible: + default: false + description: "Indicates whether the host network can be accessed. By default, this is set to false." + type: "boolean" + publiclyAccessible: + default: false + description: "Indicates whether the network is accessible to the public. By default, this is set to false." + type: "boolean" + type: "object" + replicas: + description: "Specifies the replicas of the first componentSpec, if the replicas of the first componentSpec is specified,\nthis value will be ignored.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." + format: "int32" + type: "integer" + resources: + description: "Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified,\nthis value will be ignored.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." + properties: + cpu: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the amount of CPU resource the Cluster needs.\nFor more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the amount of memory resource the Cluster needs.\nFor more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + runtimeClassName: + description: "Specifies runtimeClassName for all Pods managed by this Cluster." + type: "string" + schedulingPolicy: + description: "Specifies the scheduling policy for the Cluster." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" type: "object" - podAntiAffinity: - default: "Preferred" - description: "Specifies the anti-affinity level of Pods within a Component.\nIt determines how pods should be spread across nodes to improve availability and performance.\nIt can have the following values: `Preferred` and `Required`.\nThe default value is `Preferred`." - enum: - - "Preferred" - - "Required" - type: "string" - tenancy: - default: "SharedNode" - description: "Determines the level of resource isolation between Pods.\nIt can have the following values: `SharedNode` and `DedicatedNode`.\n\n\n- SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s.\n- DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node.\n In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node.\n Which provides a higher level of isolation and resource guarantee for Pods.\n\n\n The default value is `SharedNode`." - enum: - - "SharedNode" - - "DedicatedNode" - type: "string" - topologyKeys: - description: "Represents the key of node labels used to define the topology domain for Pod anti-affinity\nand Pod spread constraints.\n\n\nIn K8s, a topology domain is a set of nodes that have the same value for a specific label key.\nNodes with labels containing any of the specified TopologyKeys and identical values are considered\nto be in the same topology domain.\n\n\nNote: The concept of topology in the context of K8s TopologyKeys is different from the concept of\ntopology in the ClusterDefinition.\n\n\nWhen a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the\nPod on nodes with different values for the specified TopologyKeys.\nThis ensures that Pods are spread across different topology domains, promoting high availability and\nreducing the impact of node failures.\n\n\nSome well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`,\nare often used as TopologyKey.\nThese keys represent the hostname and zone of a node, respectively.\nBy including these keys in the TopologyKeys list, Pods will be spread across nodes with\ndifferent hostnames or zones.\n\n\nIn addition to the well-known keys, users can also specify custom label keys as TopologyKeys.\nThis allows for more flexible and custom topology definitions based on the specific needs\nof the application or environment.\n\n\nThe TopologyKeys field is a slice of strings, where each string represents a label key.\nThe order of the keys in the slice does not matter." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "set" - type: "object" - componentDef: - description: "References the name of a ComponentDefinition object.\nThe ComponentDefinition specifies the behavior and characteristics of the Component.\nIf both `componentDefRef` and `componentDef` are provided,\nthe `componentDef` will take precedence over `componentDefRef`." - maxLength: 64 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - componentDefRef: - description: "References a ClusterComponentDefinition defined in the `clusterDefinition.spec.componentDef` field.\nMust comply with the IANA service naming rule.\n\n\nDeprecated since v0.9,\nbecause defining Components in `clusterDefinition.spec.componentDef` field has been deprecated.\nThis field is replaced by the `componentDef` field, use `componentDef` instead.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases.\n\n\nTODO +kubebuilder:validation:XValidation:rule=\"self == oldSelf\",message=\"componentDefRef is immutable\"" - maxLength: 22 - pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" - type: "string" - configs: - items: - description: "ClusterComponentConfig represents a config with its source bound." - properties: - configMap: - description: "ConfigMap source for the config." - properties: - defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - name: - description: "The name of the config." - type: "string" - type: "object" - type: "array" - disableExporter: - description: "Determines whether metrics exporter information is annotated on the Component's headless Service.\n\n\nIf set to true, the following annotations will not be patched into the Service:\n\n\n- \"monitor.kubeblocks.io/path\"\n- \"monitor.kubeblocks.io/port\"\n- \"monitor.kubeblocks.io/scheme\"\n\n\nThese annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." - type: "boolean" - enabledLogs: - description: "Specifies which types of logs should be collected for the Component.\nThe log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries.\n\n\nThe elements in the `enabledLogs` array correspond to the names of the LogConfig entries.\nFor example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with\nnames \"slow_query_log\" and \"error_log\",\nyou can enable the collection of these logs by including their names in the `enabledLogs` array:\n```yaml\nenabledLogs:\n- slow_query_log\n- error_log\n```" - items: - type: "string" - type: "array" - x-kubernetes-list-type: "set" - instances: - description: "Allows for the customization of configuration values for each instance within a Component.\nAn instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps).\nWhile instances typically share a common configuration as defined in the ClusterComponentSpec,\nthey can require unique settings in various scenarios:\n\n\nFor example:\n- A database Component might require different resource allocations for primary and secondary instances,\n with primaries needing more resources.\n- During a rolling upgrade, a Component may first update the image for one or a few instances,\n and then update the remaining instances after verifying that the updated instances are functioning correctly.\n\n\nInstanceTemplate allows for specifying these unique configurations per instance.\nEach instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal),\nstarting with an ordinal of 0.\nIt is crucial to maintain unique names for each InstanceTemplate to avoid conflicts.\n\n\nThe sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component.\nAny remaining replicas will be generated using the default template and will follow the default naming rules." - items: - description: "InstanceTemplate allows customization of individual replica configurations in a Component." + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: - annotations: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations.\nExisting keys will have their values overwritten, while new keys will be added to the annotations." - type: "object" - env: - description: "Defines Env to override.\nAdd new or override existing envs." + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." items: - description: "EnvVar represents an environment variable present in a Container." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: - name: - description: "Name of the environment variable. Must be a C_IDENTIFIER." - type: "string" - value: - description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." - type: "string" - valueFrom: - description: "Source for the environment variable's value. Cannot be used if value is not empty." - properties: - configMapKeyRef: - description: "Selects a key of a ConfigMap." - properties: - key: - description: "The key to select." - type: "string" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the ConfigMap or its key must be defined" - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: type: "string" - required: - - "resource" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" - x-kubernetes-map-type: "atomic" - secretKeyRef: - description: "Selects a key of a secret in the pod's namespace" - properties: - key: - description: "The key of the secret to select from. Must be a valid secret key." - type: "string" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "Specify whether the Secret or its key must be defined" - type: "boolean" - required: - - "key" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" - x-kubernetes-map-type: "atomic" type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" required: - - "name" + - "topologyKey" type: "object" - type: "array" - image: - description: "Specifies an override for the first container's image in the Pod." - type: "string" - labels: - additionalProperties: - type: "string" - description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels.\nValues for existing keys will be overwritten, and new keys will be added." - type: "object" - name: - description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate.\nThis name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal\nusing the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0.\nThe specified name overrides any default naming conventions or patterns." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - replicas: - default: 1 - description: "Specifies the number of instances (Pods) to create from this InstanceTemplate.\nThis field allows setting how many replicated instances of the Component,\nwith the specific overrides in the InstanceTemplate, are created.\nThe default value is 1. A value of 0 disables instance creation." - format: "int32" - minimum: 0.0 - type: "integer" - resources: - description: "Specifies an override for the resource requirements of the first container in the Pod.\nThis field allows for customizing resource allocation (CPU, memory, etc.) for the container." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - schedulingPolicy: - description: "Specifies the scheduling policy for the Component." - properties: - affinity: - description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." - properties: - nodeAffinity: - description: "Describes node affinity scheduling rules for the pod." + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." - properties: - preference: - description: "A node selector term, associated with the corresponding weight." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" - weight: - description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." - format: "int32" - type: "integer" - required: - - "preference" - - "weight" - type: "object" + type: "string" type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - nodeSelectorTerms: - description: "Required. A list of node selector terms. The terms are ORed." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: - description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" + type: "string" type: "array" required: - - "nodeSelectorTerms" + - "key" + - "operator" type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - podAffinity: - description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." - items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: type: "string" - required: - - "topologyKey" - type: "object" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" type: "array" + required: + - "key" + - "operator" type: "object" - podAntiAffinity: - description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" + type: "string" type: "array" + required: + - "key" + - "operator" type: "object" - type: "object" - nodeName: - description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: "object" - x-kubernetes-map-type: "atomic" - schedulerName: - description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." type: "string" - tolerations: - description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" - topologySpreadConstraints: - description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: - description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." - properties: - labelSelector: - description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." - format: "int32" - type: "integer" - minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." - format: "int32" - type: "integer" - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: "string" - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: "string" - topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." - type: "string" - whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." - type: "string" - required: - - "maxSkew" - - "topologyKey" - - "whenUnsatisfiable" - type: "object" + type: "string" type: "array" + required: + - "key" + - "operator" type: "object" - volumeClaimTemplates: - description: "Defines VolumeClaimTemplates to override.\nAdd new or override existing volume claim templates." - items: - properties: - name: - description: "Refers to the name of a volumeMount defined in either:\n\n\n- `componentDefinition.spec.runtime.containers[*].volumeMounts`\n- `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated)\n\n\nThe value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." - type: "string" - spec: - description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume\nwith the mount name specified in the `name` field.\n\n\nWhen a Pod is created for this ClusterComponent, a new PVC will be created based on the specification\ndefined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." - properties: - accessModes: - description: "Contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." - items: - type: "string" - type: "array" - x-kubernetes-preserve-unknown-fields: true - resources: - description: "Represents the minimum resources the volume should have.\nIf the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that\nare lower than the previous value but must still be higher than the capacity recorded in the status field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - x-kubernetes-preserve-unknown-fields: true - storageClassName: - description: "The name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." - type: "string" - volumeMode: - description: "Defines what type of volume is required by the claim, either Block or Filesystem." - type: "string" - type: "object" - required: - - "name" - type: "object" - type: "array" - volumeMounts: - description: "Defines VolumeMounts to override.\nAdd new or override existing volume mounts of the first container in the Pod." - items: - description: "VolumeMount describes a mounting of a Volume within a container." - properties: - mountPath: - description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." - type: "string" - mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." - type: "string" - name: - description: "This must match the Name of a Volume." - type: "string" - readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." - type: "boolean" - subPath: - description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." - type: "string" - subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." - type: "string" - required: - - "mountPath" - - "name" - type: "object" - type: "array" - volumes: - description: "Defines Volumes to override.\nAdd new or override existing volumes." - items: - description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." - properties: - awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - partition: - description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." - format: "int32" - type: "integer" - readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: "boolean" - volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: "string" - required: - - "volumeID" - type: "object" - azureDisk: - description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." - properties: - cachingMode: - description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." - type: "string" - diskName: - description: "diskName is the Name of the data disk in the blob storage" - type: "string" - diskURI: - description: "diskURI is the URI of data disk in the blob storage" - type: "string" - fsType: - description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - kind: - description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" - type: "string" - readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - required: - - "diskName" - - "diskURI" - type: "object" - azureFile: - description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." - properties: - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - secretName: - description: "secretName is the name of secret that contains Azure Storage Account Name and Key" - type: "string" - shareName: - description: "shareName is the azure share Name" - type: "string" - required: - - "secretName" - - "shareName" - type: "object" - cephfs: - description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" - properties: - monitors: + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" + services: + description: "Defines a list of additional Services that are exposed by a Cluster.\nThis field allows Services of selected Components, either from `componentSpecs` or `shardingSpecs` to be exposed,\nalongside Services defined with ComponentService.\n\n\nServices defined here can be referenced by other clusters using the ServiceRefClusterSelector." + items: + description: "ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it.\nFor example, external applications, or other Clusters.\nAnd another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService\nusing the `serviceRef` field.\n\n\nWhen a Component needs to access another Cluster's ClusterService using the `serviceRef` field,\nit must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations`\nsection." + properties: + annotations: + additionalProperties: + type: "string" + description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." + type: "object" + componentSelector: + description: "Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service.\nNote that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously." + type: "string" + name: + description: "Name defines the name of the service.\notherwise, it indicates the name of the service.\nOthers can refer to this service by its name. (e.g., connection credential)\nCannot be updated." + maxLength: 25 + type: "string" + roleSelector: + description: "Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service.\nWhen `roleSelector` is set, it adds a label selector \"kubeblocks.io/role: {roleSelector}\"\nto the `serviceSpec.selector`.\nExample usage:\n\n\n\t roleSelector: \"leader\"\n\n\nIn this example, setting `roleSelector` to \"leader\" will add a label selector\n\"kubeblocks.io/role: leader\" to the `serviceSpec.selector`.\nThis means that the service will select and route traffic to Pods with the label\n\"kubeblocks.io/role\" set to \"leader\".\n\n\nNote that if `podService` sets to true, RoleSelector will be ignored.\nThe `podService` flag takes precedence over `roleSelector` and generates a service for each Pod." + type: "string" + serviceName: + description: "ServiceName defines the name of the underlying service object.\nIf not specified, the default service name with different patterns will be used:\n\n\n- CLUSTER_NAME: for cluster-level services\n- CLUSTER_NAME-COMPONENT_NAME: for component-level services\n\n\nOnly one default service name is allowed.\nCannot be updated." + maxLength: 25 + pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "string" + shardingSelector: + description: "Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in\n`cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service.\nNote that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously." + type: "string" + spec: + description: "Spec defines the behavior of a service.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + properties: + allocateLoadBalancerNodePorts: + description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type." + type: "boolean" + clusterIP: + description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + type: "string" + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + externalIPs: + description: "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system." + items: + type: "string" + type: "array" + externalName: + description: "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." + type: "string" + externalTrafficPolicy: + description: "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node." + type: "string" + healthCheckNodePort: + description: "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set." + format: "int32" + type: "integer" + internalTrafficPolicy: + description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." + type: "string" + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." + items: + description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + ipFamilyPolicy: + description: "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName." + type: "string" + loadBalancerClass: + description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." + type: "string" + loadBalancerIP: + description: "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available." + type: "string" + loadBalancerSourceRanges: + description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" + items: + type: "string" + type: "array" + ports: + description: "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + description: "ServicePort contains information on service's port." + properties: + appProtocol: + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." + type: "string" + name: + description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." + type: "string" + nodePort: + description: "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport" + format: "int32" + type: "integer" + port: + description: "The port that will be exposed by this service." + format: "int32" + type: "integer" + protocol: + default: "TCP" + description: "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP." + type: "string" + targetPort: + anyOf: + - type: "integer" + - type: "string" + description: "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" + x-kubernetes-int-or-string: true + required: + - "port" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "port" + - "protocol" + x-kubernetes-list-type: "map" + publishNotReadyAddresses: + description: "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior." + type: "boolean" + selector: + additionalProperties: + type: "string" + description: "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" + type: "object" + x-kubernetes-map-type: "atomic" + sessionAffinity: + description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + type: "string" + sessionAffinityConfig: + description: "sessionAffinityConfig contains the configurations of session affinity." + properties: + clientIP: + description: "clientIP contains the configurations of Client IP based session affinity." + properties: + timeoutSeconds: + description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours)." + format: "int32" + type: "integer" + type: "object" + type: "object" + type: + description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-preserve-unknown-fields: true + shardingSpecs: + description: "Specifies a list of ShardingSpec objects that manage the sharding topology for Cluster Components.\nEach ShardingSpec organizes components into shards, with each shard corresponding to a Component.\nComponents within a shard are all based on a common ClusterComponentSpec template, ensuring uniform configurations.\n\n\nThis field supports dynamic resharding by facilitating the addition or removal of shards\nthrough the `shards` field in ShardingSpec.\n\n\nNote: `shardingSpecs` and `componentSpecs` cannot both be empty; at least one must be defined to configure a Cluster." + items: + description: "ShardingSpec defines how KubeBlocks manage dynamic provisioned shards.\nA typical design pattern for distributed databases is to distribute data across multiple shards,\nwith each shard consisting of multiple replicas.\nTherefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components\nusing a template when shards are added.\nWhen shards are removed, the corresponding Components are also deleted." + properties: + name: + description: "Represents the common parent part of all shard names.\nThis identifier is included as part of the Service DNS name and must comply with IANA service naming rules.\nIt is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`.\nShardID is a random string that is appended to the Name to generate unique identifiers for each shard.\nFor example, if the sharding specification name is \"my-shard\" and the ShardID is \"abc\", the resulting Component name\nwould be \"my-shard-abc\".\n\n\nNote that the name defined in Component template(`shardingSpec.template.name`) will be disregarded\nwhen generating the Component names of the shards. The `shardingSpec.name` field takes precedence." + maxLength: 15 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + x-kubernetes-validations: + - message: "name is immutable" + rule: "self == oldSelf" + shards: + description: "Specifies the desired number of shards.\nUsers can declare the desired number of shards through this field.\nKubeBlocks dynamically creates and deletes Components based on the difference\nbetween the desired and actual number of shards.\nKubeBlocks provides lifecycle management for sharding, including:\n\n\n- Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases.\n This allows for custom actions to be performed after a new shard is provisioned.\n- Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases.\n This enables custom cleanup or data migration tasks to be executed before a shard is terminated.\n Resources and data associated with the corresponding Component will also be deleted." + format: "int32" + maximum: 2048.0 + minimum: 0.0 + type: "integer" + template: + description: "The template for generating Components for shards, where each shard consists of one Component.\nThis field is of type ClusterComponentSpec, which encapsulates all the required details and\ndefinitions for creating and managing the Components.\nKubeBlocks uses this template to generate a set of identical Components or shards.\nAll the generated Components will have the same specifications and definitions as specified in the `template` field.\n\n\nThis allows for the creation of multiple Components with consistent configurations,\nenabling sharding and distribution of workloads across Components." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules for the Component.\nIt allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster.\n\n\nDeprecated since v0.10, replaced by the `schedulingPolicy` field." + properties: + nodeLabels: + additionalProperties: + type: "string" + description: "Indicates the node labels that must be present on nodes for pods to be scheduled on them.\nIt is a map where the keys are the label keys and the values are the corresponding label values.\nPods will only be scheduled on nodes that have all the specified labels with the corresponding values.\n\n\nFor example, if NodeLabels is set to {\"nodeType\": \"ssd\", \"environment\": \"production\"},\npods will only be scheduled on nodes that have both the \"nodeType\" label with value \"ssd\"\nand the \"environment\" label with value \"production\".\n\n\nThis field allows users to control Pod placement based on specific node labels.\nIt can be used to ensure that Pods are scheduled on nodes with certain characteristics,\nsuch as specific hardware (e.g., SSD), environment (e.g., production, staging),\nor any other custom labels assigned to nodes." + type: "object" + podAntiAffinity: + default: "Preferred" + description: "Specifies the anti-affinity level of Pods within a Component.\nIt determines how pods should be spread across nodes to improve availability and performance.\nIt can have the following values: `Preferred` and `Required`.\nThe default value is `Preferred`." + enum: + - "Preferred" + - "Required" + type: "string" + tenancy: + default: "SharedNode" + description: "Determines the level of resource isolation between Pods.\nIt can have the following values: `SharedNode` and `DedicatedNode`.\n\n\n- SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s.\n- DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node.\n In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node.\n Which provides a higher level of isolation and resource guarantee for Pods.\n\n\n The default value is `SharedNode`." + enum: + - "SharedNode" + - "DedicatedNode" + type: "string" + topologyKeys: + description: "Represents the key of node labels used to define the topology domain for Pod anti-affinity\nand Pod spread constraints.\n\n\nIn K8s, a topology domain is a set of nodes that have the same value for a specific label key.\nNodes with labels containing any of the specified TopologyKeys and identical values are considered\nto be in the same topology domain.\n\n\nNote: The concept of topology in the context of K8s TopologyKeys is different from the concept of\ntopology in the ClusterDefinition.\n\n\nWhen a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the\nPod on nodes with different values for the specified TopologyKeys.\nThis ensures that Pods are spread across different topology domains, promoting high availability and\nreducing the impact of node failures.\n\n\nSome well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`,\nare often used as TopologyKey.\nThese keys represent the hostname and zone of a node, respectively.\nBy including these keys in the TopologyKeys list, Pods will be spread across nodes with\ndifferent hostnames or zones.\n\n\nIn addition to the well-known keys, users can also specify custom label keys as TopologyKeys.\nThis allows for more flexible and custom topology definitions based on the specific needs\nof the application or environment.\n\n\nThe TopologyKeys field is a slice of strings, where each string represents a label key.\nThe order of the keys in the slice does not matter." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + type: "object" + annotations: + additionalProperties: + type: "string" + description: "Specifies Annotations to override or add for underlying Pods." + type: "object" + componentDef: + description: "References the name of a ComponentDefinition object.\nThe ComponentDefinition specifies the behavior and characteristics of the Component.\nIf both `componentDefRef` and `componentDef` are provided,\nthe `componentDef` will take precedence over `componentDefRef`." + maxLength: 64 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + componentDefRef: + description: "References a ClusterComponentDefinition defined in the `clusterDefinition.spec.componentDef` field.\nMust comply with the IANA service naming rule.\n\n\nDeprecated since v0.9,\nbecause defining Components in `clusterDefinition.spec.componentDef` field has been deprecated.\nThis field is replaced by the `componentDef` field, use `componentDef` instead.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases.\n\n\nTODO +kubebuilder:validation:XValidation:rule=\"self == oldSelf\",message=\"componentDefRef is immutable\"" + maxLength: 22 + pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "string" + configs: + description: "Specifies the configuration content of a config template." + items: + description: "ClusterComponentConfig represents a config with its source bound." + properties: + configMap: + description: "ConfigMap source for the config." + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "The name of the config." + type: "string" + type: "object" + type: "array" + disableExporter: + description: "Determines whether metrics exporter information is annotated on the Component's headless Service.\n\n\nIf set to true, the following annotations will not be patched into the Service:\n\n\n- \"monitor.kubeblocks.io/path\"\n- \"monitor.kubeblocks.io/port\"\n- \"monitor.kubeblocks.io/scheme\"\n\n\nThese annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." + type: "boolean" + enabledLogs: + description: "Specifies which types of logs should be collected for the Component.\nThe log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries.\n\n\nThe elements in the `enabledLogs` array correspond to the names of the LogConfig entries.\nFor example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with\nnames \"slow_query_log\" and \"error_log\",\nyou can enable the collection of these logs by including their names in the `enabledLogs` array:\n```yaml\nenabledLogs:\n- slow_query_log\n- error_log\n```" + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + env: + description: "List of environment variables to add.\nThese environment variables will be placed after the environment variables declared in the Pod." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + instances: + description: "Allows for the customization of configuration values for each instance within a Component.\nAn instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps).\nWhile instances typically share a common configuration as defined in the ClusterComponentSpec,\nthey can require unique settings in various scenarios:\n\n\nFor example:\n- A database Component might require different resource allocations for primary and secondary instances,\n with primaries needing more resources.\n- During a rolling upgrade, a Component may first update the image for one or a few instances,\n and then update the remaining instances after verifying that the updated instances are functioning correctly.\n\n\nInstanceTemplate allows for specifying these unique configurations per instance.\nEach instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal),\nstarting with an ordinal of 0.\nIt is crucial to maintain unique names for each InstanceTemplate to avoid conflicts.\n\n\nThe sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component.\nAny remaining replicas will be generated using the default template and will follow the default naming rules." + items: + description: "InstanceTemplate allows customization of individual replica configurations in a Component." + properties: + annotations: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs to be merged into the Pod's existing annotations.\nExisting keys will have their values overwritten, while new keys will be added to the annotations." + type: "object" + env: + description: "Defines Env to override.\nAdd new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Specifies an override for the first container's image in the Pod." + type: "string" + labels: + additionalProperties: + type: "string" + description: "Specifies a map of key-value pairs that will be merged into the Pod's existing labels.\nValues for existing keys will be overwritten, and new keys will be added." + type: "object" + name: + description: "Name specifies the unique name of the instance Pod created using this InstanceTemplate.\nThis name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal\nusing the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0.\nThe specified name overrides any default naming conventions or patterns." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + replicas: + default: 1 + description: "Specifies the number of instances (Pods) to create from this InstanceTemplate.\nThis field allows setting how many replicated instances of the Component,\nwith the specific overrides in the InstanceTemplate, are created.\nThe default value is 1. A value of 0 disables instance creation." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Specifies an override for the resource requirements of the first container in the Pod.\nThis field allows for customizing resource allocation (CPU, memory, etc.) for the container." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override.\nAdd new or override existing volume claim templates." + items: + properties: + name: + description: "Refers to the name of a volumeMount defined in either:\n\n\n- `componentDefinition.spec.runtime.containers[*].volumeMounts`\n- `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated)\n\n\nThe value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." + type: "string" + spec: + description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume\nwith the mount name specified in the `name` field.\n\n\nWhen a Pod is created for this ClusterComponent, a new PVC will be created based on the specification\ndefined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." + properties: + accessModes: + description: "Contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." + items: + type: "string" + type: "array" + x-kubernetes-preserve-unknown-fields: true + resources: + description: "Represents the minimum resources the volume should have.\nIf the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that\nare lower than the previous value but must still be higher than the capacity recorded in the status field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: "The name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." + type: "string" + volumeMode: + description: "Defines what type of volume is required by the claim, either Block or Filesystem." + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override.\nAdd new or override existing volume mounts of the first container in the Pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" + volumes: + description: "Defines Volumes to override.\nAdd new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" - path: - description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" - secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: "string" secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" - user: - description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: "string" required: - - "monitors" + - "driver" type: "object" - cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" - secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - volumeID: - description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + properties: + directory: + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." type: "string" required: - - "volumeID" + - "repository" type: "object" - configMap: - description: "configMap represents a configMap that should populate this volume" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: - defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" + path: + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" + required: + - "endpoints" + - "path" type: "object" - x-kubernetes-map-type: "atomic" - csi: - description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + hostPath: + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: - driver: - description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + path: + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" - nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" - readOnly: - description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." - type: "boolean" - volumeAttributes: - additionalProperties: - type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." - type: "object" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + type: "string" required: - - "driver" + - "iqn" + - "lun" + - "targetPortal" type: "object" - downwardAPI: - description: "downwardAPI represents downward API about the pod that should populate this volume" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "Items is a list of downward API volume file" - items: - description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: "string" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - required: - - "path" - type: "object" - type: "array" + path: + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" type: "object" - emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: - medium: - description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" - sizeLimit: - anyOf: - - type: "integer" - - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" type: "object" - ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." - properties: - metadata: - description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." - properties: - annotations: - additionalProperties: - type: "string" - type: "object" - finalizers: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" - type: "array" - labels: - additionalProperties: - type: "string" - type: "object" - name: - type: "string" - namespace: - type: "string" - type: "object" - spec: - description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." - properties: - accessModes: - description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: items: - type: "string" - type: "array" - dataSource: - description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." - properties: - apiGroup: - description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." - type: "string" - kind: - description: "Kind is the type of resource being referenced" - type: "string" - name: - description: "Name is the name of resource being referenced" - type: "string" - required: - - "kind" - - "name" - type: "object" - x-kubernetes-map-type: "atomic" - dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." - properties: - apiGroup: - description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." - type: "string" - kind: - description: "Kind is the type of resource being referenced" - type: "string" - name: - description: "Name is the name of resource being referenced" - type: "string" - namespace: - description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." - type: "string" - required: - - "kind" - - "name" - type: "object" - resources: - description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - selector: - description: "selector is a label query over volumes to consider for binding." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: "string" - volumeMode: - description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." - type: "string" - volumeName: - description: "volumeName is the binding reference to the PersistentVolume backing this claim." - type: "string" - type: "object" - required: - - "spec" - type: "object" - type: "object" - fc: - description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." - properties: - fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - lun: - description: "lun is Optional: FC target lun number" - format: "int32" - type: "integer" - readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - targetWWNs: - description: "targetWWNs is Optional: FC target worldwide names (WWNs)" - items: - type: "string" - type: "array" - wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." - items: - type: "string" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the\ntoken into." + type: "string" + required: + - "path" + type: "object" + type: "object" type: "array" type: "object" - flexVolume: - description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: - driver: - description: "driver is the name of the driver to use for this volume." - type: "string" - fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + group: + description: "group to map volume access to\nDefault is no group" type: "string" - options: - additionalProperties: - type: "string" - description: "options is Optional: this field holds extra command options if any." - type: "object" readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" - secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - required: - - "driver" - type: "object" - flocker: - description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" - properties: - datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + registry: + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" - datasetUUID: - description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + tenant: + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" - type: "object" - gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + user: + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" - partition: - description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - format: "int32" - type: "integer" - pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + volume: + description: "volume is a string that references an already created Quobyte volume by name." type: "string" - readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: "boolean" required: - - "pdName" + - "registry" + - "volume" type: "object" - gitRepo: - description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: - directory: - description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." - type: "string" - repository: - description: "repository is the URL" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" - revision: - description: "revision is the commit hash for the specified revision." + image: + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" - required: - - "repository" - type: "object" - glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + keyring: + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" - path: - description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + monitors: + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" - required: - - "endpoints" - - "path" - type: "object" - hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." - properties: - path: - description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: "string" - type: - description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - - "path" + - "image" + - "monitors" type: "object" - iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: - chapAuthDiscovery: - description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" - type: "boolean" - chapAuthSession: - description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" - type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" - iqn: - description: "iqn is the target iSCSI Qualified Name." + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" - iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" - lun: - description: "lun represents iSCSI Target Lun number." - format: "int32" - type: "integer" - portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." - items: - type: "string" - type: "array" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" - targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - - "iqn" - - "lun" - - "targetPortal" + - "gateway" + - "secretRef" + - "system" type: "object" - name: - description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: "string" - nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: - path: - description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: "string" - readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" - server: - description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" - required: - - "path" - - "server" type: "object" - persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: - claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" - required: - - "claimName" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." + type: "string" type: "object" - photonPersistentDisk: - description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" - pdID: - description: "pdID is the ID that identifies Photon Controller persistent disk" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - - "pdID" + - "volumePath" type: "object" - portworxVolume: - description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + required: + - "name" + type: "object" + type: "array" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + issuer: + description: "Specifies the configuration for the TLS certificates issuer.\nIt allows defining the issuer name and the reference to the secret containing the TLS certificates and key.\nThe secret should contain the CA certificate, TLS certificate, and private key in the specified keys.\nRequired when TLS is enabled." + properties: + name: + allOf: + - enum: + - "KubeBlocks" + - "UserProvided" + - enum: + - "KubeBlocks" + - "UserProvided" + default: "KubeBlocks" + description: "The issuer for TLS certificates.\nIt only allows two enum values: `KubeBlocks` and `UserProvided`.\n\n\n- `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used.\n- `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key.\n In this case, the user-provided CA certificate, server certificate, and private key will be used\n for TLS communication." + type: "string" + secretRef: + description: "SecretRef is the reference to the secret that contains user-provided certificates.\nIt is required when the issuer is set to `UserProvided`." + properties: + ca: + description: "Key of CA cert in Secret" + type: "string" + cert: + description: "Key of Cert in Secret" + type: "string" + key: + description: "Key of TLS private key in Secret" + type: "string" + name: + description: "Name of the Secret that contains user-provided certificates." + type: "string" + required: + - "ca" + - "cert" + - "key" + - "name" + type: "object" + required: + - "name" + type: "object" + labels: + additionalProperties: + type: "string" + description: "Specifies Labels to override or add for underlying Pods." + type: "object" + monitor: + description: "Deprecated since v0.9\nDetermines whether metrics exporter information is annotated on the Component's headless Service.\n\n\nIf set to true, the following annotations will be patched into the Service:\n\n\n- \"monitor.kubeblocks.io/path\"\n- \"monitor.kubeblocks.io/port\"\n- \"monitor.kubeblocks.io/scheme\"\n\n\nThese annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." + type: "boolean" + name: + description: "Specifies the Component's name.\nIt's part of the Service DNS name and must comply with the IANA service naming rule.\nThe name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`),\nbut required otherwise.\n\n\nTODO +kubebuilder:validation:XValidation:rule=\"self == oldSelf\",message=\"name is immutable\"" + maxLength: 22 + pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "string" + offlineInstances: + description: "Specifies the names of instances to be transitioned to offline status.\n\n\nMarking an instance as offline results in the following:\n\n\n1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential\n future reuse or data recovery, but it is no longer actively used.\n2. The ordinal number assigned to this instance is preserved, ensuring it remains unique\n and avoiding conflicts with new instances.\n\n\nSetting instances to offline allows for a controlled scale-in process, preserving their data and maintaining\nordinal consistency within the Cluster.\nNote that offline instances and their associated resources, such as PVCs, are not automatically deleted.\nThe administrator must manually manage the cleanup and removal of these resources when they are no longer needed." + items: + type: "string" + type: "array" + replicas: + default: 1 + description: "Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Specifies the resources required by the Component.\nIt allows defining the CPU, memory requirements and limits for the Component's containers." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + x-kubernetes-preserve-unknown-fields: true + schedulingPolicy: + description: "Specifies the scheduling policy for the Component." + properties: + affinity: + description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: - fsType: - description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - volumeID: - description: "volumeID uniquely identifies a Portworx volume" - type: "string" + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" required: - - "volumeID" + - "nodeSelectorTerms" type: "object" - projected: - description: "projected items for all in one resources secrets, configmaps, and downward API" - properties: - defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - sources: - description: "sources is the list of volume projections" - items: - description: "Projection that may be projected along with other supported volume types" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." properties: - configMap: - description: "configMap information about the configMap data to project" + labelSelector: + description: "A label query over a set of resources, in this case pods." properties: - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "Maps a string key to a path within a volume." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: - description: "key is the key to project." + description: "key is the label key that the selector applies to." type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" required: - "key" - - "path" + - "operator" type: "object" type: "array" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" x-kubernetes-map-type: "atomic" - downwardAPI: - description: "downwardAPI information about the downwardAPI data to project" - properties: - items: - description: "Items is a list of DownwardAPIVolume file" - items: - description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." - type: "string" - fieldPath: - description: "Path of the field to select in the specified API version." - type: "string" - required: - - "fieldPath" - type: "object" - x-kubernetes-map-type: "atomic" - mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: "string" - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: "string" - divisor: - anyOf: - - type: "integer" - - type: "string" - description: "Specifies the output format of the exposed resources, defaults to \"1\"" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: "string" - required: - - "resource" - type: "object" - x-kubernetes-map-type: "atomic" - required: - - "path" - type: "object" - type: "array" - type: "object" - secret: - description: "secret information about the secret data to project" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "Maps a string key to a path within a volume." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: - description: "key is the key to project." + description: "key is the label key that the selector applies to." type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" required: - "key" - - "path" + - "operator" type: "object" type: "array" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional field specify whether the Secret or its key must be defined" - type: "boolean" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" x-kubernetes-map-type: "atomic" - serviceAccountToken: - description: "serviceAccountToken is information about the serviceAccountToken data to project" - properties: - audience: - description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." - type: "string" - expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." - format: "int64" - type: "integer" - path: - description: "path is the path relative to the mount point of the file to project the\ntoken into." - type: "string" - required: - - "path" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" - type: "array" - type: "object" - quobyte: - description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" - properties: - group: - description: "group to map volume access to\nDefault is no group" - type: "string" - readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." - type: "boolean" - registry: - description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" - type: "string" - tenant: - description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" - type: "string" - user: - description: "user to map volume access to\nDefaults to serivceaccount user" - type: "string" - volume: - description: "volume is a string that references an already created Quobyte volume by name." - type: "string" - required: - - "registry" - - "volume" - type: "object" - rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" - type: "string" - image: - description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - keyring: - description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - monitors: - description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" - type: "array" - pool: - description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "boolean" - secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + nodeName: + description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: "object" + x-kubernetes-map-type: "atomic" + schedulerName: + description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." + type: "string" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + key: + description: "key is the label key that the selector applies to." type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - user: - description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: "string" - required: - - "image" - - "monitors" - type: "object" - scaleIO: - description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." - properties: - fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." - type: "string" - gateway: - description: "gateway is the host address of the ScaleIO API Gateway." - type: "string" - protectionDomain: - description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." - type: "string" - readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - secretRef: - description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - sslEnabled: - description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" - type: "boolean" - storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." - type: "string" - storagePool: - description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." - type: "string" - system: - description: "system is the name of the storage system as configured in ScaleIO." - type: "string" - volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." - type: "string" - required: - - "gateway" - - "secretRef" - - "system" - type: "object" - secret: - description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - optional: - description: "optional field specify whether the Secret or its keys must be defined" - type: "boolean" - secretName: - description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: "string" - type: "object" - storageos: - description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." - properties: - fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." - type: "boolean" - secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." - properties: - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - type: "object" - x-kubernetes-map-type: "atomic" - volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." - type: "string" - volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." - type: "string" - type: "object" - vsphereVolume: - description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" - properties: - fsType: - description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." - type: "string" - storagePolicyID: - description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." - type: "string" - storagePolicyName: - description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." - type: "string" - volumePath: - description: "volumePath is the path that identifies vSphere volume vmdk" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: type: "string" - required: - - "volumePath" - type: "object" - required: - - "name" - type: "object" - type: "array" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" + serviceAccountName: + description: "Specifies the name of the ServiceAccount required by the running Component.\nThis ServiceAccount is used to grant necessary permissions for the Component's Pods to interact\nwith other Kubernetes resources, such as modifying Pod labels or sending events.\n\n\nDefaults:\nIf not specified, KubeBlocks automatically assigns a default ServiceAccount named \"kb-{cluster.name}\",\nbound to a default role installed together with KubeBlocks.\n\n\nFuture Changes:\nFuture versions might change the default ServiceAccount creation strategy to one per Component,\npotentially revising the naming to \"kb-{cluster.name}-{component.name}\".\n\n\nUsers can override the automatic ServiceAccount assignment by explicitly setting the name of\nan existed ServiceAccount in this field." + type: "string" + serviceRefs: + description: "Defines a list of ServiceRef for a Component, enabling access to both external services and\nServices provided by other Clusters.\n\n\nTypes of services:\n\n\n- External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator;\n Require a ServiceDescriptor for connection details.\n- Services provided by a Cluster: Managed by the same KubeBlocks operator;\n identified using Cluster, Component and Service names.\n\n\nServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same.\n\n\nExample:\n```yaml\nserviceRefs:\n - name: \"redis-sentinel\"\n serviceDescriptor:\n name: \"external-redis-sentinel\"\n - name: \"postgres-cluster\"\n clusterServiceSelector:\n cluster: \"my-postgres-cluster\"\n service:\n component: \"postgresql\"\n```\nThe example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster." + items: + properties: + cluster: + description: "Specifies the name of the KubeBlocks Cluster being referenced.\nThis is used when services from another KubeBlocks Cluster are consumed.\n\n\nBy default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential`\nwill be utilized to bind to the current Component. This credential should include:\n`endpoint`, `port`, `username`, and `password`.\n\n\nNote:\n\n\n- The `ServiceKind` and `ServiceVersion` specified in the service reference within the\n ClusterDefinition are not validated when using this approach.\n- If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence.\n\n\nDeprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated,\nuse `clusterServiceSelector` instead.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." + type: "string" + clusterServiceSelector: + description: "References a service provided by another KubeBlocks Cluster.\nIt specifies the ClusterService and the account credentials needed for access." + properties: + cluster: + description: "The name of the Cluster being referenced." + type: "string" + credential: + description: "Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster.\nThe SystemAccount should be defined in `componentDefinition.spec.systemAccounts`\nof the Component providing the service in the referenced Cluster." + properties: + component: + description: "The name of the Component where the credential resides in." + type: "string" + name: + description: "The name of the credential (SystemAccount) to reference." + type: "string" + required: + - "component" + - "name" + type: "object" + service: + description: "Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster." + properties: + component: + description: "The name of the Component where the Service resides in.\n\n\nIt is required when referencing a Component's Service." + type: "string" + port: + description: "The port name of the Service to be referenced.\n\n\nIf there is a non-zero node-port exist for the matched Service port, the node-port will be selected first.\n\n\nIf the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched,\nand the resolved value will be presented in the following format: service1.name:port1,service2.name:port2..." + type: "string" + service: + description: "The name of the Service to be referenced.\n\n\nLeave it empty to reference the default Service. Set it to \"headless\" to reference the default headless Service.\n\n\nIf the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched,\nand the resolved value will be presented in the following format: service1.name,service2.name..." + type: "string" + required: + - "service" + type: "object" + required: + - "cluster" + type: "object" + name: + description: "Specifies the identifier of the service reference declaration.\nIt corresponds to the serviceRefDeclaration name defined in either:\n\n\n- `componentDefinition.spec.serviceRefDeclarations[*].name`\n- `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated)" + type: "string" + namespace: + description: "Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object.\nIf not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current\nCluster by default." + type: "string" + serviceDescriptor: + description: "Specifies the name of the ServiceDescriptor object that describes a service provided by external sources.\n\n\nWhen referencing a service provided by external sources, a ServiceDescriptor object is required to establish\nthe service binding.\nThe `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind\nand serviceVersion declared in the definition.\n\n\nIf both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence." + type: "string" required: - "name" type: "object" type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - issuer: - description: "Specifies the configuration for the TLS certificates issuer.\nIt allows defining the issuer name and the reference to the secret containing the TLS certificates and key.\nThe secret should contain the CA certificate, TLS certificate, and private key in the specified keys.\nRequired when TLS is enabled." - properties: - name: - allOf: - - enum: - - "KubeBlocks" - - "UserProvided" - - enum: - - "KubeBlocks" - - "UserProvided" - default: "KubeBlocks" - description: "The issuer for TLS certificates.\nIt only allows two enum values: `KubeBlocks` and `UserProvided`.\n\n\n- `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used.\n- `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key.\n In this case, the user-provided CA certificate, server certificate, and private key will be used\n for TLS communication." - type: "string" - secretRef: - description: "SecretRef is the reference to the secret that contains user-provided certificates.\nIt is required when the issuer is set to `UserProvided`." - properties: - ca: - description: "Key of CA cert in Secret" - type: "string" - cert: - description: "Key of Cert in Secret" - type: "string" - key: - description: "Key of TLS private key in Secret" - type: "string" - name: - description: "Name of the Secret that contains user-provided certificates." - type: "string" - required: - - "ca" - - "cert" - - "key" - - "name" - type: "object" - required: - - "name" - type: "object" - monitor: - description: "Deprecated since v0.9\nDetermines whether metrics exporter information is annotated on the Component's headless Service.\n\n\nIf set to true, the following annotations will be patched into the Service:\n\n\n- \"monitor.kubeblocks.io/path\"\n- \"monitor.kubeblocks.io/port\"\n- \"monitor.kubeblocks.io/scheme\"\n\n\nThese annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter." - type: "boolean" - name: - description: "Specifies the Component's name.\nIt's part of the Service DNS name and must comply with the IANA service naming rule.\nThe name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`),\nbut required otherwise.\n\n\nTODO +kubebuilder:validation:XValidation:rule=\"self == oldSelf\",message=\"name is immutable\"" - maxLength: 22 - pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" + serviceVersion: + description: "ServiceVersion specifies the version of the Service expected to be provisioned by this Component.\nThe version should follow the syntax and semantics of the \"Semantic Versioning\" specification (http://semver.org/).\nIf no version is specified, the latest available version will be used." + maxLength: 32 type: "string" - offlineInstances: - description: "Specifies the names of instances to be transitioned to offline status.\n\n\nMarking an instance as offline results in the following:\n\n\n1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential\n future reuse or data recovery, but it is no longer actively used.\n2. The ordinal number assigned to this instance is preserved, ensuring it remains unique\n and avoiding conflicts with new instances.\n\n\nSetting instances to offline allows for a controlled scale-in process, preserving their data and maintaining\nordinal consistency within the Cluster.\nNote that offline instances and their associated resources, such as PVCs, are not automatically deleted.\nThe administrator must manually manage the cleanup and removal of these resources when they are no longer needed." + services: + description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." items: - type: "string" + properties: + annotations: + additionalProperties: + type: "string" + description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." + type: "object" + name: + description: "References the ComponentService name defined in the `componentDefinition.spec.services[*].name`." + maxLength: 25 + type: "string" + podService: + description: "Indicates whether to generate individual Services for each Pod.\nIf set to true, a separate Service will be created for each Pod in the Cluster." + type: "boolean" + serviceType: + default: "ClusterIP" + description: "Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`.\n\n\n- `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints.\n Endpoints are determined by the selector or if that is not specified,\n they are determined by manual construction of an Endpoints object or EndpointSlice objects.\n- `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP.\n- `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud)\n which routes to the same endpoints as the ClusterIP.\n\n\nNote: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService.\n\n\nFor more info, see:\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." + enum: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + type: "string" + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + type: "object" type: "array" - replicas: - default: 1 - description: "Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing." - format: "int32" - minimum: 0.0 - type: "integer" - resources: - description: "Specifies the resources required by the Component.\nIt allows defining the CPU, memory requirements and limits for the Component's containers." + switchPolicy: + description: "Defines the strategy for switchover and failover when workloadType is Replication.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + type: + default: "Noop" + description: "Type specifies the type of switch policy to be applied." + enum: + - "Noop" + type: "string" + type: "object" + systemAccounts: + description: "Overrides system accounts defined in referenced ComponentDefinition." + items: + properties: + name: + description: "The name of the system account." + type: "string" + passwordConfig: + description: "Specifies the policy for generating the account's password.\n\n\nThis field is immutable once set." + properties: + length: + default: 16 + description: "The length of the password." + format: "int32" + maximum: 32.0 + minimum: 8.0 + type: "integer" + letterCase: + default: "MixedCases" + description: "The case of the letters in the password." + enum: + - "LowerCases" + - "UpperCases" + - "MixedCases" + type: "string" + numDigits: + default: 4 + description: "The number of digits in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + numSymbols: + default: 0 + description: "The number of symbols in the password." + format: "int32" + maximum: 8.0 + minimum: 0.0 + type: "integer" + seed: + description: "Seed to generate the account's password.\nCannot be updated." + type: "string" + type: "object" + secretRef: + description: "Refers to the secret from which data will be copied to create the new account.\n\n\nThis field is immutable once set." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + description: "The unique identifier of the secret." + type: "string" + namespace: + description: "The namespace where the secret is located." type: "string" required: - "name" + - "namespace" type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - type: "object" - x-kubernetes-preserve-unknown-fields: true - schedulingPolicy: - description: "Specifies the scheduling policy for the Component." - properties: - affinity: - description: "Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity." - properties: - nodeAffinity: - description: "Describes node affinity scheduling rules for the pod." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." - items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." - properties: - preference: - description: "A node selector term, associated with the corresponding weight." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" - weight: - description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." - format: "int32" - type: "integer" - required: - - "preference" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." - properties: - nodeSelectorTerms: - description: "Required. A list of node selector terms. The terms are ORed." - items: - description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." - properties: - matchExpressions: - description: "A list of node selector requirements by node's labels." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchFields: - description: "A list of node selector requirements by node's fields." - items: - description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." - properties: - key: - description: "The label key that the selector applies to." - type: "string" - operator: - description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." - type: "string" - values: - description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - type: "object" - x-kubernetes-map-type: "atomic" - type: "array" - required: - - "nodeSelectorTerms" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - podAffinity: - description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" - type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" - type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + required: + - "name" + type: "object" + type: "array" + tls: + description: "A boolean flag that indicates whether the Component should use Transport Layer Security (TLS)\nfor secure communication.\nWhen set to true, the Component will be configured to use TLS encryption for its network connections.\nThis ensures that the data transmitted between the Component and its clients or other Components is encrypted\nand protected from unauthorized access.\nIf TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys,\nto properly set up the secure communication channel." + type: "boolean" + tolerations: + description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes.\n\n\nDeprecated since v0.10, replaced by the `schedulingPolicy` field." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + x-kubernetes-preserve-unknown-fields: true + updateStrategy: + description: "Defines the update strategy for the Component.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." + enum: + - "Serial" + - "BestEffortParallel" + - "Parallel" + type: "string" + userResourceRefs: + description: "Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes\nin the Cluster's Pods.\nThis is useful in scenarios where users need to provide additional resources to the Cluster, such as:\n\n\n- Mounting custom scripts or configuration files during Cluster startup.\n- Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster." + properties: + configMapRefs: + description: "ConfigMapRefs defines the user-defined ConfigMaps." + items: + description: "ConfigMapRef defines a reference to a ConfigMap." + properties: + asVolumeFrom: + description: "AsVolumeFrom lists the names of containers in which the volume should be mounted." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + configMap: + description: "ConfigMap specifies the ConfigMap to be mounted as a volume." + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + mountPoint: + description: "MountPoint is the filesystem path where the volume will be mounted." + maxLength: 256 + pattern: "^/[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "string" + name: + description: "Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards." + maxLength: 63 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + subPath: + description: "SubPath specifies a path within the volume from which to mount." + type: "string" + required: + - "configMap" + - "mountPoint" + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + secretRefs: + description: "SecretRefs defines the user-defined Secrets." + items: + description: "SecretRef defines a reference to a Secret." + properties: + asVolumeFrom: + description: "AsVolumeFrom lists the names of containers in which the volume should be mounted." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + mountPoint: + description: "MountPoint is the filesystem path where the volume will be mounted." + maxLength: 256 + pattern: "^/[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "string" + name: + description: "Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards." + maxLength: 63 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + secret: + description: "Secret specifies the Secret to be mounted as a volume." + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + subPath: + description: "SubPath specifies a path within the volume from which to mount." + type: "string" + required: + - "mountPoint" + - "name" + - "secret" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + volumeClaimTemplates: + description: "Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component.\nEach template specifies the desired characteristics of a persistent volume, such as storage class,\nsize, and access modes.\nThese templates are used to dynamically provision persistent volumes for the Component." + items: + properties: + name: + description: "Refers to the name of a volumeMount defined in either:\n\n\n- `componentDefinition.spec.runtime.containers[*].volumeMounts`\n- `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated)\n\n\nThe value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." + type: "string" + spec: + description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume\nwith the mount name specified in the `name` field.\n\n\nWhen a Pod is created for this ClusterComponent, a new PVC will be created based on the specification\ndefined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." + properties: + accessModes: + description: "Contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." + items: + type: "string" + type: "array" + x-kubernetes-preserve-unknown-fields: true + resources: + description: "Represents the minimum resources the volume should have.\nIf the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that\nare lower than the previous value but must still be higher than the capacity recorded in the status field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" - type: "array" - type: "object" - podAntiAffinity: - description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." - items: - description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" - properties: - podAffinityTerm: - description: "Required. A pod affinity term, associated with the corresponding weight." - properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." - properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" - type: "object" - x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." - type: "string" - required: - - "topologyKey" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: "The name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." + type: "string" + volumeMode: + description: "Defines what type of volume is required by the claim, either Block or Filesystem." + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" + volumes: + description: "List of volumes to override." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + properties: + annotations: + additionalProperties: + type: "string" type: "object" - weight: - description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." - format: "int32" - type: "integer" - required: - - "podAffinityTerm" - - "weight" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" type: "object" - type: "array" - requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." - items: - description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: - labelSelector: - description: "A label query over a set of resources, in this case pods." + accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" required: - - "key" - - "operator" + - "name" type: "object" type: "array" - matchLabels: + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" - x-kubernetes-map-type: "atomic" - namespaceSelector: - description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + selector: + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -6351,520 +8419,578 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" - namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." - items: - type: "string" - type: "array" - topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" - required: - - "topologyKey" type: "object" - type: "array" - type: "object" - type: "object" - nodeName: - description: "NodeName is a request to schedule this Pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this Pod onto that node, assuming that it fits resource\nrequirements." - type: "string" - nodeSelector: - additionalProperties: - type: "string" - description: "NodeSelector is a selector which must be true for the Pod to fit on a node.\nSelector which must match a node's labels for the Pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: "object" - x-kubernetes-map-type: "atomic" - schedulerName: - description: "If specified, the Pod will be dispatched by specified scheduler.\nIf not specified, the Pod will be dispatched by default scheduler." - type: "string" - tolerations: - description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." - format: "int64" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" type: "integer" - value: - description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" type: "object" - type: "array" - topologySpreadConstraints: - description: "TopologySpreadConstraints describes how a group of Pods ought to spread across topology\ndomains. Scheduler will schedule Pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." - items: - description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + flexVolume: + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: - labelSelector: - description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: - matchExpressions: - description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." - items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." - properties: - key: - description: "key is the label key that the selector applies to." - type: "string" - operator: - description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." - type: "string" - values: - description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." - items: - type: "string" - type: "array" - required: - - "key" - - "operator" - type: "object" - type: "array" - matchLabels: - additionalProperties: - type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." - type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" type: "object" x-kubernetes-map-type: "atomic" - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." - items: - type: "string" - type: "array" - x-kubernetes-list-type: "atomic" - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." - format: "int32" - type: "integer" - minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + properties: + directory: + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" - topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." + repository: + description: "repository is the URL" type: "string" - whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." + revision: + description: "revision is the commit hash for the specified revision." type: "string" required: - - "maxSkew" - - "topologyKey" - - "whenUnsatisfiable" + - "repository" type: "object" - type: "array" - type: "object" - serviceAccountName: - description: "Specifies the name of the ServiceAccount required by the running Component.\nThis ServiceAccount is used to grant necessary permissions for the Component's Pods to interact\nwith other Kubernetes resources, such as modifying Pod labels or sending events.\n\n\nDefaults:\nIf not specified, KubeBlocks automatically assigns a default ServiceAccount named \"kb-{cluster.name}\",\nbound to a default role installed together with KubeBlocks.\n\n\nFuture Changes:\nFuture versions might change the default ServiceAccount creation strategy to one per Component,\npotentially revising the naming to \"kb-{cluster.name}-{component.name}\".\n\n\nUsers can override the automatic ServiceAccount assignment by explicitly setting the name of\nan existed ServiceAccount in this field." - type: "string" - serviceRefs: - description: "Defines a list of ServiceRef for a Component, enabling access to both external services and\nServices provided by other Clusters.\n\n\nTypes of services:\n\n\n- External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator;\n Require a ServiceDescriptor for connection details.\n- Services provided by a Cluster: Managed by the same KubeBlocks operator;\n identified using Cluster, Component and Service names.\n\n\nServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same.\n\n\nExample:\n```yaml\nserviceRefs:\n - name: \"redis-sentinel\"\n serviceDescriptor:\n name: \"external-redis-sentinel\"\n - name: \"postgres-cluster\"\n clusterServiceSelector:\n cluster: \"my-postgres-cluster\"\n service:\n component: \"postgresql\"\n```\nThe example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster." - items: - properties: - cluster: - description: "Specifies the name of the KubeBlocks Cluster being referenced.\nThis is used when services from another KubeBlocks Cluster are consumed.\n\n\nBy default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential`\nwill be utilized to bind to the current Component. This credential should include:\n`endpoint`, `port`, `username`, and `password`.\n\n\nNote:\n\n\n- The `ServiceKind` and `ServiceVersion` specified in the service reference within the\n ClusterDefinition are not validated when using this approach.\n- If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence.\n\n\nDeprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated,\nuse `clusterServiceSelector` instead.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - type: "string" - clusterServiceSelector: - description: "References a service provided by another KubeBlocks Cluster.\nIt specifies the ClusterService and the account credentials needed for access." + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: - cluster: - description: "The name of the Cluster being referenced." + path: + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" - credential: - description: "Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster.\nThe SystemAccount should be defined in `componentDefinition.spec.systemAccounts`\nof the Component providing the service in the referenced Cluster." + type: + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: - component: - description: "The name of the Component where the credential resides in." - type: "string" name: - description: "The name of the credential (SystemAccount) to reference." - type: "string" - required: - - "component" - - "name" - type: "object" - service: - description: "Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster." - properties: - component: - description: "The name of the Component where the Service resides in.\n\n\nIt is required when referencing a Component's Service." - type: "string" - port: - description: "The port name of the Service to be referenced.\n\n\nIf there is a non-zero node-port exist for the matched Service port, the node-port will be selected first.\n\n\nIf the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched,\nand the resolved value will be presented in the following format: service1.name:port1,service2.name:port2..." - type: "string" - service: - description: "The name of the Service to be referenced.\n\n\nLeave it empty to reference the default Service. Set it to \"headless\" to reference the default headless Service.\n\n\nIf the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched,\nand the resolved value will be presented in the following format: service1.name,service2.name..." + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" - required: - - "service" type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + type: "string" required: - - "cluster" + - "iqn" + - "lun" + - "targetPortal" type: "object" name: - description: "Specifies the identifier of the service reference declaration.\nIt corresponds to the serviceRefDeclaration name defined in either:\n\n\n- `componentDefinition.spec.serviceRefDeclarations[*].name`\n- `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated)" - type: "string" - namespace: - description: "Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object.\nIf not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current\nCluster by default." - type: "string" - serviceDescriptor: - description: "Specifies the name of the ServiceDescriptor object that describes a service provided by external sources.\n\n\nWhen referencing a service provided by external sources, a ServiceDescriptor object is required to establish\nthe service binding.\nThe `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind\nand serviceVersion declared in the definition.\n\n\nIf both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence." + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" - required: - - "name" - type: "object" - type: "array" - serviceVersion: - description: "ServiceVersion specifies the version of the Service expected to be provisioned by this Component.\nThe version should follow the syntax and semantics of the \"Semantic Versioning\" specification (http://semver.org/).\nIf no version is specified, the latest available version will be used." - maxLength: 32 - type: "string" - services: - description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." - items: - properties: - annotations: - additionalProperties: - type: "string" - description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" type: "object" - name: - description: "References the ComponentService name defined in the `componentDefinition.spec.services[*].name`." - maxLength: 25 - type: "string" - podService: - description: "Indicates whether to generate individual Services for each Pod.\nIf set to true, a separate Service will be created for each Pod in the Cluster." - type: "boolean" - serviceType: - default: "ClusterIP" - description: "Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`.\n\n\n- `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints.\n Endpoints are determined by the selector or if that is not specified,\n they are determined by manual construction of an Endpoints object or EndpointSlice objects.\n- `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP.\n- `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud)\n which routes to the same endpoints as the ClusterIP.\n\n\nNote: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService.\n\n\nFor more info, see:\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." - enum: - - "ClusterIP" - - "NodePort" - - "LoadBalancer" - type: "string" - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - type: "object" - type: "array" - switchPolicy: - description: "Defines the strategy for switchover and failover when workloadType is Replication.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - properties: - type: - default: "Noop" - description: "Type specifies the type of switch policy to be applied." - enum: - - "Noop" - type: "string" - type: "object" - systemAccounts: - description: "Overrides system accounts defined in referenced ComponentDefinition." - items: - properties: - name: - description: "The name of the system account." - type: "string" - passwordConfig: - description: "Specifies the policy for generating the account's password.\n\n\nThis field is immutable once set." + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: - length: - default: 16 - description: "The length of the password." - format: "int32" - maximum: 32.0 - minimum: 8.0 - type: "integer" - letterCase: - default: "MixedCases" - description: "The case of the letters in the password." - enum: - - "LowerCases" - - "UpperCases" - - "MixedCases" + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" - numDigits: - default: 4 - description: "The number of digits in the password." - format: "int32" - maximum: 8.0 - minimum: 0.0 - type: "integer" - numSymbols: - default: 0 - description: "The number of symbols in the password." - format: "int32" - maximum: 8.0 - minimum: 0.0 - type: "integer" - seed: - description: "Seed to generate the account's password.\nCannot be updated." + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" type: "object" - secretRef: - description: "Refers to the secret from which data will be copied to create the new account.\n\n\nThis field is immutable once set." + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: - name: - description: "The unique identifier of the secret." + fsType: + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" - namespace: - description: "The namespace where the secret is located." + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - - "name" - - "namespace" + - "volumeID" type: "object" - required: - - "name" - type: "object" - type: "array" - tls: - description: "A boolean flag that indicates whether the Component should use Transport Layer Security (TLS)\nfor secure communication.\nWhen set to true, the Component will be configured to use TLS encryption for its network connections.\nThis ensures that the data transmitted between the Component and its clients or other Components is encrypted\nand protected from unauthorized access.\nIf TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys,\nto properly set up the secure communication channel." - type: "boolean" - tolerations: - description: "Allows Pods to be scheduled onto nodes with matching taints.\nEach toleration in the array allows the Pod to tolerate node taints based on\nspecified `key`, `value`, `effect`, and `operator`.\n\n\n- The `key`, `value`, and `effect` identify the taint that the toleration matches.\n- The `operator` determines how the toleration matches the taint.\n\n\nPods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes.\n\n\nDeprecated since v0.10, replaced by the `schedulingPolicy` field." - items: - description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." - properties: - effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." - type: "string" - key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." - type: "string" - operator: - description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." - type: "string" - tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." - format: "int64" - type: "integer" - value: - description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." - type: "string" - type: "object" - type: "array" - x-kubernetes-preserve-unknown-fields: true - updateStrategy: - description: "Defines the update strategy for the Component.\n\n\nDeprecated since v0.9.\nThis field is maintained for backward compatibility and its use is discouraged.\nExisting usage should be updated to the current preferred approach to avoid compatibility issues in future releases." - enum: - - "Serial" - - "BestEffortParallel" - - "Parallel" - type: "string" - userResourceRefs: - description: "Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes\nin the Cluster's Pods.\nThis is useful in scenarios where users need to provide additional resources to the Cluster, such as:\n\n\n- Mounting custom scripts or configuration files during Cluster startup.\n- Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster." - properties: - configMapRefs: - description: "ConfigMapRefs defines the user-defined ConfigMaps." - items: - description: "ConfigMapRef defines a reference to a ConfigMap." + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: - asVolumeFrom: - description: "AsVolumeFrom lists the names of containers in which the volume should be mounted." + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" items: - type: "string" - type: "array" - x-kubernetes-list-type: "set" - configMap: - description: "ConfigMap specifies the ConfigMap to be mounted as a volume." - properties: - defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" properties: - key: - description: "key is the key to project." + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." + format: "int64" type: "integer" path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - - "key" - "path" type: "object" - type: "array" - name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" - type: "string" - optional: - description: "optional specify whether the ConfigMap or its keys must be defined" - type: "boolean" - type: "object" - x-kubernetes-map-type: "atomic" - mountPoint: - description: "MountPoint is the filesystem path where the volume will be mounted." - maxLength: 256 - pattern: "^/[a-z]([a-z0-9\\-]*[a-z0-9])?$" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to\nDefault is no group" type: "string" - name: - description: "Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" - subPath: - description: "SubPath specifies a path within the volume from which to mount." + tenant: + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to\nDefaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - - "configMap" - - "mountPoint" - - "name" + - "registry" + - "volume" type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - secretRefs: - description: "SecretRefs defines the user-defined Secrets." - items: - description: "SecretRef defines a reference to a Secret." + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: - asVolumeFrom: - description: "AsVolumeFrom lists the names of containers in which the volume should be mounted." + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" - x-kubernetes-list-type: "set" - mountPoint: - description: "MountPoint is the filesystem path where the volume will be mounted." - maxLength: 256 - pattern: "^/[a-z]([a-z0-9\\-]*[a-z0-9])?$" + pool: + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" - name: - description: "Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" - secret: - description: "Secret specifies the Secret to be mounted as a volume." + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: - defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - items: - description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." - items: - description: "Maps a string key to a path within a volume." - properties: - key: - description: "key is the key to project." - type: "string" - mode: - description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." - format: "int32" - type: "integer" - path: - description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." - type: "string" - required: - - "key" - - "path" - type: "object" - type: "array" - optional: - description: "optional field specify whether the Secret or its keys must be defined" - type: "boolean" - secretName: - description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" - subPath: - description: "SubPath specifies a path within the volume from which to mount." + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - - "mountPoint" - - "name" - - "secret" + - "gateway" + - "secretRef" + - "system" type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - type: "object" - volumeClaimTemplates: - description: "Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component.\nEach template specifies the desired characteristics of a persistent volume, such as storage class,\nsize, and access modes.\nThese templates are used to dynamically provision persistent volumes for the Component." - items: - properties: - name: - description: "Refers to the name of a volumeMount defined in either:\n\n\n- `componentDefinition.spec.runtime.containers[*].volumeMounts`\n- `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated)\n\n\nThe value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array." - type: "string" - spec: - description: "Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume\nwith the mount name specified in the `name` field.\n\n\nWhen a Pod is created for this ClusterComponent, a new PVC will be created based on the specification\ndefined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field." + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: - accessModes: - description: "Contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1." + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: - type: "string" + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" type: "array" - x-kubernetes-preserve-unknown-fields: true - resources: - description: "Represents the minimum resources the volume should have.\nIf the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that\nare lower than the previous value but must still be higher than the capacity recorded in the status field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources." + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: - claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." - items: - description: "ResourceClaim references one entry in PodSpec.ResourceClaims." - properties: - name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." - type: "string" - required: - - "name" - type: "object" - type: "array" - x-kubernetes-list-map-keys: - - "name" - x-kubernetes-list-type: "map" - limits: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" - requests: - additionalProperties: - anyOf: - - type: "integer" - - type: "string" - pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: "object" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" type: "object" - x-kubernetes-preserve-unknown-fields: true - storageClassName: - description: "The name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1." + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" - volumeMode: - description: "Defines what type of volume is required by the claim, either Block or Filesystem." + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" type: "object" required: - "name" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml index 3ddf2a429..2f0c535e3 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml @@ -2702,6 +2702,9 @@ spec: - "scrapePort" type: "object" type: "object" + podManagementPolicy: + description: "InstanceSet controls the creation of pods during initial scale up, replacement of pods on nodes, and scaling down.\n\n\n- `OrderedReady`: Creates pods in increasing order (pod-0, then pod-1, etc). The controller waits until each pod\nis ready before continuing. Pods are removed in reverse order when scaling down.\n- `Parallel`: Creates pods in parallel to match the desired scale without waiting. All pods are deleted at once\nwhen scaling down." + type: "string" policyRules: description: "Defines the namespaced policy rules required by the Component.\n\n\nThe `policyRules` field is an array of `rbacv1.PolicyRule` objects that define the policy rules\nneeded by the Component to operate within a namespace.\nThese policy rules determine the permissions and verbs the Component is allowed to perform on\nKubernetes resources within the namespace.\n\n\nThe purpose of this field is to automatically generate the necessary RBAC roles\nfor the Component based on the specified policy rules.\nThis ensures that the Pods in the Component has appropriate permissions to function.\n\n\nNote: This field is currently non-functional and is reserved for future implementation.\n\n\nThis field is immutable." items: @@ -7313,7 +7316,7 @@ spec: properties: initAccount: default: false - description: "Indicates if this account is the unique system initialization account (e.g., MySQL root).\nOnly one system initialization account is permitted.\n\n\nThis field is immutable once set." + description: "Indicates if this account is a system initialization account (e.g., MySQL root).\n\n\nThis field is immutable once set." type: "boolean" name: description: "Specifies the unique identifier for the account. This name is used by other entities to reference the account.\n\n\nThis field is immutable once set." diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml index 69f97c6fc..aca48c287 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/components.yaml @@ -81,11 +81,17 @@ spec: type: "array" x-kubernetes-list-type: "set" type: "object" + annotations: + additionalProperties: + type: "string" + description: "Specifies Annotations to override or add for underlying Pods." + type: "object" compDef: description: "Specifies the name of the referenced ComponentDefinition." maxLength: 64 type: "string" configs: + description: "Specifies the configuration content of a config template." items: description: "ClusterComponentConfig represents a config with its source bound." properties: @@ -138,6 +144,90 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + env: + description: "List of environment variables to add." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" instances: description: "Allows for the customization of configuration values for each instance within a Component.\nAn Instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps).\nWhile instances typically share a common configuration as defined in the ClusterComponentSpec,\nthey can require unique settings in various scenarios:\n\n\nFor example:\n- A database Component might require different resource allocations for primary and secondary instances,\n with primaries needing more resources.\n- During a rolling upgrade, a Component may first update the image for one or a few instances,\n and then update the remaining instances after verifying that the updated instances are functioning correctly.\n\n\nInstanceTemplate allows for specifying these unique configurations per instance.\nEach instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal),\nstarting with an ordinal of 0.\nIt is crucial to maintain unique names for each InstanceTemplate to avoid conflicts.\n\n\nThe sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the Component.\nAny remaining replicas will be generated using the default template and will follow the default naming rules." items: @@ -1932,6 +2022,11 @@ spec: - "name" type: "object" type: "array" + labels: + additionalProperties: + type: "string" + description: "Specifies Labels to override or add for underlying Pods." + type: "object" offlineInstances: description: "Specifies the names of instances to be transitioned to offline status.\n\n\nMarking an instance as offline results in the following:\n\n\n1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential\n future reuse or data recovery, but it is no longer actively used.\n2. The ordinal number assigned to this instance is preserved, ensuring it remains unique\n and avoiding conflicts with new instances.\n\n\nSetting instances to offline allows for a controlled scale-in process, preserving their data and maintaining\nordinal consistency within the Cluster.\nNote that offline instances and their associated resources, such as PVCs, are not automatically deleted.\nThe administrator must manually manage the cleanup and removal of these resources when they are no longer needed." items: @@ -2973,6 +3068,974 @@ spec: - "name" type: "object" type: "array" + volumes: + description: "List of volumes to override." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + properties: + directory: + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + properties: + path: + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the\ntoken into." + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to\nDefault is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to\nDefaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" + type: "object" + required: + - "name" + type: "object" + type: "array" required: - "compDef" - "replicas" diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml index 8a4e11029..d94f91d2c 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/clusterissuers.yaml @@ -1239,6 +1239,19 @@ spec: - "roleId" - "secretRef" type: "object" + clientCertificate: + description: "ClientCertificate authenticates with Vault by presenting a client\ncertificate during the request's TLS handshake.\nWorks only when using HTTPS protocol." + properties: + mountPath: + description: "The Vault mountPath here is the mount path to use when authenticating with\nVault. For example, setting a value to `/v1/auth/foo`, will use the path\n`/v1/auth/foo/login` to authenticate with Vault. If unspecified, the\ndefault value \"/v1/auth/cert\" will be used." + type: "string" + name: + description: "Name of the certificate role to authenticate against.\nIf not set, matching any certificate role, if available." + type: "string" + secretName: + description: "Reference to Kubernetes Secret of type \"kubernetes.io/tls\" (hence containing\ntls.crt and tls.key) used to authenticate to Vault using TLS client\nauthentication." + type: "string" + type: "object" kubernetes: description: "Kubernetes authenticates with Vault by passing the ServiceAccount\ntoken stored in the named Secret resource to the Vault server." properties: diff --git a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml index 4377cad5c..0fda69702 100644 --- a/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml +++ b/crd-catalog/cert-manager/cert-manager/cert-manager.io/v1/issuers.yaml @@ -1240,6 +1240,19 @@ spec: - "roleId" - "secretRef" type: "object" + clientCertificate: + description: "ClientCertificate authenticates with Vault by presenting a client\ncertificate during the request's TLS handshake.\nWorks only when using HTTPS protocol." + properties: + mountPath: + description: "The Vault mountPath here is the mount path to use when authenticating with\nVault. For example, setting a value to `/v1/auth/foo`, will use the path\n`/v1/auth/foo/login` to authenticate with Vault. If unspecified, the\ndefault value \"/v1/auth/cert\" will be used." + type: "string" + name: + description: "Name of the certificate role to authenticate against.\nIf not set, matching any certificate role, if available." + type: "string" + secretName: + description: "Reference to Kubernetes Secret of type \"kubernetes.io/tls\" (hence containing\ntls.crt and tls.key) used to authenticate to Vault using TLS client\nauthentication." + type: "string" + type: "object" kubernetes: description: "Kubernetes authenticates with Vault by passing the ServiceAccount\ntoken stored in the named Secret resource to the Vault server." properties: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml index ebddeb318..9a6a7d04f 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml @@ -69,20 +69,6 @@ spec: type: "string" type: "object" type: "array" - cidrs: - description: "Cidrs is a list of CIDRs comprising this IP Pool Deprecated: please use the `blocks` field instead. This field will be removed in a future release. https://github.com/cilium/cilium/issues/28590" - items: - description: "CiliumLoadBalancerIPPoolIPBlock describes a single IP block." - properties: - cidr: - format: "cidr" - type: "string" - start: - type: "string" - stop: - type: "string" - type: "object" - type: "array" disabled: default: false description: "Disabled, if set to true means that no new IPs will be allocated from this pool. Existing allocations will not be removed from services." diff --git a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml index 168bdef43..dd3537f4d 100644 --- a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml +++ b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml @@ -2534,6 +2534,9 @@ spec: enabled: description: "If replica mode is enabled, this cluster will be a replica of an\nexisting cluster. Replica cluster can be created from a recovery\nobject store or via streaming through pg_basebackup.\nRefer to the Replica clusters page of the documentation for more information." type: "boolean" + promotionToken: + description: "A demotion token generated by an external cluster used to\ncheck if the promotion requirements are met." + type: "string" source: description: "The name of the external cluster which is the replication origin" minLength: 1 @@ -2542,6 +2545,9 @@ spec: - "enabled" - "source" type: "object" + x-kubernetes-validations: + - message: "Promotion token must be empty on replica clusters" + rule: "!has(self.promotionToken) || size(self.promotionToken) == 0 || !self.enabled" replicationSlots: default: highAvailability: @@ -3286,6 +3292,9 @@ spec: items: type: "string" type: "array" + demotionToken: + description: "DemotionToken is a JSON token containing the information\nfrom pg_controldata such as Database system identifier, Latest checkpoint's\nTimeLineID, Latest checkpoint's REDO location, Latest checkpoint's REDO\nWAL file, and Time of latest checkpoint" + type: "string" firstRecoverabilityPoint: description: "The first recoverability point, stored as a date in RFC3339 format.\nThis field is calculated from the content of FirstRecoverabilityPointByMethod" type: "string" @@ -3345,6 +3354,9 @@ spec: lastFailedBackup: description: "Stored as a date in RFC3339 format" type: "string" + lastPromotionToken: + description: "LastPromotionToken is the last verified promotion token that\nwas used to promote a replica cluster" + type: "string" lastSuccessfulBackup: description: "Last successful backup, stored as a date in RFC3339 format\nThis field is calculated from the content of LastSuccessfulBackupByMethod" type: "string" diff --git a/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml index 94769889d..88aefde76 100644 --- a/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml +++ b/crd-catalog/cryostatio/cryostat-operator/operator.cryostat.io/v1beta2/cryostats.yaml @@ -2622,7 +2622,7 @@ spec: type: "array" type: "object" targetNamespaces: - description: "List of namespaces whose workloads Cryostat should be\npermitted to access and profile. Defaults to this Cryostat's namespace.\nWarning: All Cryostat users will be able to create and manage\nrecordings for workloads in the listed namespaces.\nMore details: https://github.com/cryostatio/cryostat-operator/blob/v2.4.0/docs/multi-namespace.md#data-isolation" + description: "List of namespaces whose workloads Cryostat should be\npermitted to access and profile. Defaults to this Cryostat's namespace.\nWarning: All Cryostat users will be able to create and manage\nrecordings for workloads in the listed namespaces.\nMore details: https://github.com/cryostatio/cryostat-operator/blob/v3.0.0/docs/config.md#data-isolation" items: type: "string" type: "array" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml index 4f6a0ec5e..c41ee38eb 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" spec: group: "external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml index e2de44069..92bb31f3b 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" spec: group: "external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml index ddadbf7ab..e876c0dfe 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" spec: group: "external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml index ed77d6e9c..eddb21a8d 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "clusterexternalsecrets.external-secrets.io" spec: group: "external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml index ebfac5276..9ac7f733d 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "clustersecretstores.external-secrets.io" spec: group: "external-secrets.io" @@ -51,6 +53,11 @@ spec: items: description: "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in\nfor a ClusterSecretStore instance." properties: + namespaceRegexes: + description: "Choose namespaces by using regex matching" + items: + type: "string" + type: "array" namespaceSelector: description: "Choose namespace using a labelSelector" properties: diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml index f038096f1..530146405 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "externalsecrets.external-secrets.io" spec: group: "external-secrets.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml index c5c79dc4f..7dda3276b 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml @@ -3,6 +3,8 @@ kind: "CustomResourceDefinition" metadata: annotations: controller-gen.kubebuilder.io/version: "v0.15.0" + labels: + external-secrets.io/component: "controller" name: "secretstores.external-secrets.io" spec: group: "external-secrets.io" @@ -51,6 +53,11 @@ spec: items: description: "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in\nfor a ClusterSecretStore instance." properties: + namespaceRegexes: + description: "Choose namespaces by using regex matching" + items: + type: "string" + type: "array" namespaceSelector: description: "Choose namespace using a labelSelector" properties: diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index 5bd124b07..9c84094a8 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml @@ -4820,6 +4820,143 @@ spec: thresholdMillis: description: "Maximum duration in milliseconds for the HTTP request. It will fail the check if it takes longer." type: "integer" + tlsConfig: + description: "TLS Config" + properties: + ca: + description: "PEM encoded certificate of the CA to verify the server certificate" + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + helmRef: + properties: + key: + description: "Key is a JSONPath expression used to fetch the key from the merged JSON." + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + serviceAccount: + description: "ServiceAccount specifies the service account whose token should be fetched" + type: "string" + type: "object" + type: "object" + cert: + description: "PEM encoded client certificate" + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + helmRef: + properties: + key: + description: "Key is a JSONPath expression used to fetch the key from the merged JSON." + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + serviceAccount: + description: "ServiceAccount specifies the service account whose token should be fetched" + type: "string" + type: "object" + type: "object" + handshakeTimeout: + description: "HandshakeTimeout defaults to 10 seconds" + format: "int64" + type: "integer" + insecureSkipVerify: + description: "InsecureSkipVerify controls whether a client verifies the server's\ncertificate chain and host name" + type: "boolean" + key: + description: "PEM encoded client private key" + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + helmRef: + properties: + key: + description: "Key is a JSONPath expression used to fetch the key from the merged JSON." + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + serviceAccount: + description: "ServiceAccount specifies the service account whose token should be fetched" + type: "string" + type: "object" + type: "object" + type: "object" transform: properties: expr: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml index e4f0b7530..152d85fe4 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterinputs.yaml @@ -209,6 +209,62 @@ spec: type: "string" type: "object" type: "object" + kubernetesEvents: + description: "KubernetesEvents defines the KubernetesEvents input plugin configuration" + properties: + db: + description: "Set a database file to keep track of recorded Kubernetes events" + type: "string" + dbSync: + description: "Set a database sync method. values: extra, full, normal and off" + type: "string" + intervalNsec: + description: "Set the polling interval for each channel (sub seconds: nanoseconds)." + format: "int64" + type: "integer" + intervalSec: + description: "Set the polling interval for each channel." + format: "int32" + type: "integer" + kubeCAFile: + description: "CA certificate file" + type: "string" + kubeCAPath: + description: "Absolute path to scan for certificate files" + type: "string" + kubeNamespace: + description: "Kubernetes namespace to query events from. Gets events from all namespaces by default" + type: "string" + kubeRequestLimit: + description: "kubernetes limit parameter for events query, no limit applied when set to 0." + format: "int32" + type: "integer" + kubeRetentionTime: + description: "Kubernetes retention time for events." + type: "string" + kubeTokenFile: + description: "Token file" + type: "string" + kubeTokenTTL: + description: "configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command." + type: "string" + kubeURL: + description: "API Server end-point" + type: "string" + tag: + description: "Tag name associated to all records comming from this plugin." + type: "string" + tlsDebug: + description: "Debug level between 0 (nothing) and 4 (every detail)." + format: "int32" + type: "integer" + tlsVerify: + description: "When enabled, turns on certificate validation when connecting to the Kubernetes API server." + type: "boolean" + tlsVhost: + description: "Set optional TLS virtual host." + type: "string" + type: "object" logLevel: enum: - "off" diff --git a/crd-catalog/flux-framework/flux-operator/flux-framework.org/v1alpha2/miniclusters.yaml b/crd-catalog/flux-framework/flux-operator/flux-framework.org/v1alpha2/miniclusters.yaml index 3abb8aab4..7317ce6fe 100644 --- a/crd-catalog/flux-framework/flux-operator/flux-framework.org/v1alpha2/miniclusters.yaml +++ b/crd-catalog/flux-framework/flux-operator/flux-framework.org/v1alpha2/miniclusters.yaml @@ -183,6 +183,12 @@ spec: configMapName: description: "Config map name if the existing volume is a config map\nYou should also define items if you are using this" type: "string" + emptyDir: + default: false + type: "boolean" + emptyDirMedium: + description: "Add an empty directory custom type" + type: "string" hostPath: description: "An existing hostPath to bind to path" type: "string" @@ -586,6 +592,12 @@ spec: configMapName: description: "Config map name if the existing volume is a config map\nYou should also define items if you are using this" type: "string" + emptyDir: + default: false + type: "boolean" + emptyDirMedium: + description: "Add an empty directory custom type" + type: "string" hostPath: description: "An existing hostPath to bind to path" type: "string" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml index 47d371bbf..76f22a495 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml @@ -27,33 +27,44 @@ spec: name: "v1beta1" schema: openAPIV3Schema: + description: "GrafanaDashboard is the Schema for the grafanadashboards API" properties: apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: + description: "GrafanaDashboardSpec defines the desired state of GrafanaDashboard" properties: allowCrossNamespaceImport: + description: "allow to import this resources from an operator in a different namespace" type: "boolean" configMapRef: + description: "dashboard from configmap" properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" contentCacheDuration: + description: "Cache duration for dashboards fetched from URLs" type: "string" datasources: + description: "maps required data sources to existing ones" items: properties: datasourceName: @@ -66,29 +77,38 @@ spec: type: "object" type: "array" envFrom: + description: "environments variables from secrets or config maps" items: properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a Secret." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -97,35 +117,46 @@ spec: type: "object" type: "array" envs: + description: "environments variables as a map" items: properties: name: type: "string" value: + description: "Inline evn value" type: "string" valueFrom: + description: "Reference on value source, might be the reference on a secret or config map" properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a Secret." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -137,8 +168,10 @@ spec: type: "object" type: "array" folder: + description: "folder assignment for dashboard" type: "string" grafanaCom: + description: "grafana.com/dashboards" properties: id: type: "integer" @@ -148,18 +181,25 @@ spec: - "id" type: "object" gzipJson: + description: "GzipJson the dashboard's JSON compressed with Gzip. Base64-encoded when in YAML." format: "byte" type: "string" instanceSelector: + description: "selects Grafanas for import" properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -173,6 +213,7 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" @@ -180,10 +221,13 @@ spec: - message: "Value is immutable" rule: "self == oldSelf" json: + description: "dashboard json" type: "string" jsonnet: + description: "Jsonnet" type: "string" jsonnetLib: + description: "Jsonnet project build" properties: fileName: type: "string" @@ -199,6 +243,7 @@ spec: - "gzipJsonnetProject" type: "object" plugins: + description: "plugins" items: properties: name: @@ -212,17 +257,21 @@ spec: type: "array" resyncPeriod: default: "5m" + description: "how often the dashboard is refreshed, defaults to 5m if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" url: + description: "dashboard url" type: "string" required: - "instanceSelector" type: "object" status: + description: "GrafanaDashboardStatus defines the observed state of GrafanaDashboard" properties: NoMatchingInstances: + description: "The dashboard instanceSelector can't find matching grafana instances" type: "boolean" contentCache: format: "byte" @@ -235,6 +284,7 @@ spec: hash: type: "string" lastResync: + description: "Last time the dashboard was resynced" format: "date-time" type: "string" uid: diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml index f34d68c2f..ac8999200 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml @@ -27,16 +27,21 @@ spec: name: "v1beta1" schema: openAPIV3Schema: + description: "GrafanaDatasource is the Schema for the grafanadatasources API" properties: apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: + description: "GrafanaDatasourceSpec defines the desired state of GrafanaDatasource" properties: allowCrossNamespaceImport: + description: "allow to import this resources from an operator in a different namespace" type: "boolean" datasource: properties: @@ -49,6 +54,7 @@ spec: database: type: "string" editable: + description: "Deprecated field, it has no effect" type: "boolean" isDefault: type: "boolean" @@ -58,6 +64,7 @@ spec: name: type: "string" orgId: + description: "Deprecated field, it has no effect" format: "int64" type: "integer" secureJsonData: @@ -73,15 +80,21 @@ spec: type: "string" type: "object" instanceSelector: + description: "selects Grafana instances for import" properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -95,6 +108,7 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" @@ -102,6 +116,7 @@ spec: - message: "Value is immutable" rule: "self == oldSelf" plugins: + description: "plugins" items: properties: name: @@ -115,10 +130,12 @@ spec: type: "array" resyncPeriod: default: "5m" + description: "how often the datasource is refreshed, defaults to 5m if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" valuesFrom: + description: "environments variables from secrets or config maps" items: properties: targetPath: @@ -126,26 +143,34 @@ spec: valueFrom: properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a Secret." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -162,14 +187,17 @@ spec: - "instanceSelector" type: "object" status: + description: "GrafanaDatasourceStatus defines the observed state of GrafanaDatasource" properties: NoMatchingInstances: + description: "The datasource instanceSelector can't find matching grafana instances" type: "boolean" hash: type: "string" lastMessage: type: "string" lastResync: + description: "Last time the datasource was resynced" format: "date-time" type: "string" uid: diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml index bbc215c5c..8123c1100 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml @@ -23,27 +23,38 @@ spec: name: "v1beta1" schema: openAPIV3Schema: + description: "GrafanaFolder is the Schema for the grafanafolders API" properties: apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: + description: "GrafanaFolderSpec defines the desired state of GrafanaFolder" properties: allowCrossNamespaceImport: + description: "allow to import this resources from an operator in a different namespace" type: "boolean" instanceSelector: + description: "selects Grafanas for import" properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -57,6 +68,7 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" @@ -64,9 +76,11 @@ spec: - message: "Value is immutable" rule: "self == oldSelf" permissions: + description: "raw json with folder permissions" type: "string" resyncPeriod: default: "5m" + description: "how often the folder is synced, defaults to 5m if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" @@ -76,12 +90,16 @@ spec: - "instanceSelector" type: "object" status: + description: "GrafanaFolderStatus defines the observed state of GrafanaFolder" properties: NoMatchingInstances: + description: "The folder instanceSelector can't find matching grafana instances" type: "boolean" hash: + description: "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file" type: "string" lastResync: + description: "Last time the folder was resynced" format: "date-time" type: "string" type: "object" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml index e8b1d49e7..81836d433 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml @@ -29,18 +29,24 @@ spec: name: "v1beta1" schema: openAPIV3Schema: + description: "Grafana is the Schema for the grafanas API" properties: apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: + description: "GrafanaSpec defines the desired state of Grafana" properties: client: + description: "Client defines how the grafana-operator talks to the grafana instance." properties: preferIngress: + description: "If the operator should send it's request through the grafana instances ingress object instead of through the service." nullable: true type: "boolean" timeout: @@ -52,11 +58,14 @@ spec: additionalProperties: type: "string" type: "object" + description: "Config defines how your grafana ini file should looks like." type: "object" x-kubernetes-preserve-unknown-fields: true deployment: + description: "Deployment sets how the deployment object should look like with your grafana instance, contains a number of defaults." properties: metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -84,15 +93,21 @@ spec: format: "int32" type: "integer" selector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -106,30 +121,37 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" strategy: + description: "DeploymentStrategy describes how to replace existing pods with new ones." properties: rollingUpdate: + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." properties: maxSurge: anyOf: - type: "integer" - type: "string" + description: "The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods." x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: "integer" - type: "string" + description: "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods." x-kubernetes-int-or-string: true type: "object" type: + description: "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate." type: "string" type: "object" template: properties: metadata: + description: "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" properties: annotations: additionalProperties: @@ -141,27 +163,38 @@ spec: type: "object" type: "object" spec: + description: "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: activeDeadlineSeconds: format: "int64" type: "integer" affinity: + description: "If specified, the pod's scheduling constraints" properties: nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: + description: "A node selector term, associated with the corresponding weight." properties: matchExpressions: + description: "A list of node selector requirements by node's labels." items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: + description: "The label key that the selector applies to." type: "string" operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -173,13 +206,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" matchFields: + description: "A list of node selector requirements by node's fields." items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: + description: "The label key that the selector applies to." type: "string" operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -193,6 +231,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." format: "int32" type: "integer" required: @@ -202,18 +241,26 @@ spec: type: "array" x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: + description: "A list of node selector requirements by node's labels." items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: + description: "The label key that the selector applies to." type: "string" operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -225,13 +272,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" matchFields: + description: "A list of node selector requirements by node's fields." items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: + description: "The label key that the selector applies to." type: "string" operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -252,22 +304,32 @@ spec: x-kubernetes-map-type: "atomic" type: "object" podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -281,29 +343,38 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -317,20 +388,24 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -340,18 +415,26 @@ spec: type: "array" x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -365,29 +448,38 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -401,15 +493,18 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -418,22 +513,32 @@ spec: x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -447,29 +552,38 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -483,20 +597,24 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -506,18 +624,26 @@ spec: type: "array" x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -531,29 +657,38 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -567,15 +702,18 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -585,76 +723,100 @@ spec: type: "object" type: "object" automountServiceAccountToken: + description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted." type: "boolean" containers: items: + description: "A single application container that you want to run within a pod." properties: args: + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" command: + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" env: + description: "List of environment variables to set in the container.\nCannot be updated." items: + description: "EnvVar represents an environment variable present in a Container." properties: name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" fieldPath: + description: "Path of the field to select in the specified API version." type: "string" required: - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: + description: "Container name: required for volumes, optional for env vars" type: "string" divisor: anyOf: - type: "integer" - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true resource: + description: "Required: resource to select" type: "string" required: - "resource" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -669,25 +831,34 @@ spec: - "name" x-kubernetes-list-type: "map" envFrom: + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: + description: "EnvFromSource represents the source of a set of ConfigMaps" properties: configMapRef: + description: "The ConfigMap to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" prefix: + description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: + description: "The Secret to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" @@ -695,31 +866,43 @@ spec: type: "array" x-kubernetes-list-type: "atomic" image: + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -728,58 +911,75 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -788,33 +988,41 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -822,38 +1030,51 @@ spec: type: "object" type: "object" livenessProbe: + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -862,62 +1083,81 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: + description: "ContainerPort represents a network port in a single container." properties: containerPort: + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: + description: "What host IP to bind the external port to." type: "string" hostPort: + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -928,38 +1168,51 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -968,51 +1221,66 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resizePolicy: + description: "Resources resize policy for the container." items: + description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1021,11 +1289,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1041,6 +1313,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1049,115 +1322,159 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." type: "string" type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." type: "string" required: - "type" type: "object" capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: + description: "Added capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" drop: + description: "Removed capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: + description: "Level is SELinux level label that applies to the container." type: "string" role: + description: "Role is a SELinux role label that applies to the container." type: "string" type: + description: "Type is a SELinux type label that applies to the container." type: "string" user: + description: "User is a SELinux user label that applies to the container." type: "string" type: "object" seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1166,61 +1483,81 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: + description: "volumeDevices is the list of block devices to be used by the container." items: + description: "volumeDevice describes a mapping of a raw block device within a container." properties: devicePath: + description: "devicePath is the path inside of the container that the device will be mapped to." type: "string" name: + description: "name must match the name of a persistentVolumeClaim in the pod" type: "string" required: - "devicePath" @@ -1231,21 +1568,30 @@ spec: - "devicePath" x-kubernetes-list-type: "map" volumeMounts: + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: + description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: + description: "This must match the Name of a Volume." type: "string" readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1256,22 +1602,28 @@ spec: - "mountPath" x-kubernetes-list-type: "map" workingDir: + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" dnsConfig: + description: "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy." properties: nameservers: + description: "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" options: + description: "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy." items: + description: "PodDNSConfigOption defines DNS resolver options of a pod." properties: name: + description: "Required." type: "string" value: type: "string" @@ -1279,84 +1631,110 @@ spec: type: "array" x-kubernetes-list-type: "atomic" searches: + description: "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" dnsPolicy: + description: "DNSPolicy defines how a pod's DNS will be configured." type: "string" enableServiceLinks: + description: "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true." type: "boolean" ephemeralContainers: items: + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: + description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" command: + description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" env: + description: "List of environment variables to set in the container.\nCannot be updated." items: + description: "EnvVar represents an environment variable present in a Container." properties: name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" fieldPath: + description: "Path of the field to select in the specified API version." type: "string" required: - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: + description: "Container name: required for volumes, optional for env vars" type: "string" divisor: anyOf: - type: "integer" - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true resource: + description: "Required: resource to select" type: "string" required: - "resource" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -1371,25 +1749,34 @@ spec: - "name" x-kubernetes-list-type: "map" envFrom: + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: + description: "EnvFromSource represents the source of a set of ConfigMaps" properties: configMapRef: + description: "The ConfigMap to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" prefix: + description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: + description: "The Secret to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" @@ -1397,31 +1784,43 @@ spec: type: "array" x-kubernetes-list-type: "atomic" image: + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" imagePullPolicy: + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: + description: "Lifecycle is not allowed for ephemeral containers." properties: postStart: + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1430,58 +1829,75 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1490,33 +1906,41 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1524,38 +1948,51 @@ spec: type: "object" type: "object" livenessProbe: + description: "Probes are not allowed for ephemeral containers." properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1564,62 +2001,81 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: + description: "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers." type: "string" ports: + description: "Ports are not allowed for ephemeral containers." items: + description: "ContainerPort represents a network port in a single container." properties: containerPort: + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: + description: "What host IP to bind the external port to." type: "string" hostPort: + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1630,38 +2086,51 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: + description: "Probes are not allowed for ephemeral containers." properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1670,51 +2139,66 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resizePolicy: + description: "Resources resize policy for the container." items: + description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1723,11 +2207,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: + description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1743,6 +2231,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1751,115 +2240,159 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: + description: "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers." type: "string" securityContext: + description: "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." properties: allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." type: "string" type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." type: "string" required: - "type" type: "object" capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: + description: "Added capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" drop: + description: "Removed capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: + description: "Level is SELinux level label that applies to the container." type: "string" role: + description: "Role is a SELinux role label that applies to the container." type: "string" type: + description: "Type is a SELinux type label that applies to the container." type: "string" user: + description: "User is a SELinux user label that applies to the container." type: "string" type: "object" seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: + description: "Probes are not allowed for ephemeral containers." properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -1868,63 +2401,84 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: + description: "volumeDevices is the list of block devices to be used by the container." items: + description: "volumeDevice describes a mapping of a raw block device within a container." properties: devicePath: + description: "devicePath is the path inside of the container that the device will be mapped to." type: "string" name: + description: "name must match the name of a persistentVolumeClaim in the pod" type: "string" required: - "devicePath" @@ -1935,21 +2489,30 @@ spec: - "devicePath" x-kubernetes-list-type: "map" volumeMounts: + description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: + description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: + description: "This must match the Name of a Volume." type: "string" readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1960,113 +2523,149 @@ spec: - "mountPath" x-kubernetes-list-type: "map" workingDir: + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" hostAliases: + description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified. This is only valid for non-hostNetwork pods." items: + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." properties: hostnames: + description: "Hostnames for the above IP address." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" ip: + description: "IP address of the host file entry." type: "string" required: - "ip" type: "object" type: "array" hostIPC: + description: "Use the host's ipc namespace.\nOptional: Default to false." type: "boolean" hostNetwork: + description: "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false." type: "boolean" hostPID: + description: "Use the host's pid namespace.\nOptional: Default to false." type: "boolean" hostUsers: + description: "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." type: "boolean" hostname: + description: "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value." type: "string" imagePullSecrets: + description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" items: + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: items: + description: "A single application container that you want to run within a pod." properties: args: + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" command: + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" env: + description: "List of environment variables to set in the container.\nCannot be updated." items: + description: "EnvVar represents an environment variable present in a Container." properties: name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." properties: configMapKeyRef: + description: "Selects a key of a ConfigMap." properties: key: + description: "The key to select." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" fieldPath: + description: "Path of the field to select in the specified API version." type: "string" required: - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: + description: "Container name: required for volumes, optional for env vars" type: "string" divisor: anyOf: - type: "integer" - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true resource: + description: "Required: resource to select" type: "string" required: - "resource" type: "object" x-kubernetes-map-type: "atomic" secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" @@ -2081,25 +2680,34 @@ spec: - "name" x-kubernetes-list-type: "map" envFrom: + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: + description: "EnvFromSource represents the source of a set of ConfigMaps" properties: configMapRef: + description: "The ConfigMap to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the ConfigMap must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" prefix: + description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." type: "string" secretRef: + description: "The Secret to select from" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" @@ -2107,31 +2715,43 @@ spec: type: "array" x-kubernetes-list-type: "atomic" image: + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -2140,58 +2760,75 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -2200,33 +2837,41 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" sleep: + description: "Sleep represents the duration that the container should sleep before being terminated." properties: seconds: + description: "Seconds is the number of seconds to sleep." format: "int64" type: "integer" required: - "seconds" type: "object" tcpSocket: + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -2234,38 +2879,51 @@ spec: type: "object" type: "object" livenessProbe: + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -2274,62 +2932,81 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: + description: "ContainerPort represents a network port in a single container." properties: containerPort: + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: + description: "What host IP to bind the external port to." type: "string" hostPort: + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -2340,38 +3017,51 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -2380,51 +3070,66 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" resizePolicy: + description: "Resources resize policy for the container." items: + description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -2433,11 +3138,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2453,6 +3162,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2461,115 +3171,159 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." type: "string" type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." type: "string" required: - "type" type: "object" capabilities: + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: + description: "Added capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" drop: + description: "Removed capabilities" items: + description: "Capability represent POSIX capabilities type" type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" privileged: + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: + description: "Level is SELinux level label that applies to the container." type: "string" role: + description: "Role is a SELinux role label that applies to the container." type: "string" type: + description: "Type is a SELinux type label that applies to the container." type: "string" user: + description: "User is a SELinux user label that applies to the container." type: "string" type: "object" seccompProfile: + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: + description: "Exec specifies the action to take." properties: command: + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: + description: "GRPC specifies an action involving a GRPC port." properties: port: + description: "Port number of the gRPC service. Number must be in the range 1 to 65535." format: "int32" type: "integer" service: + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" type: "object" httpGet: + description: "HTTPGet specifies the http request to perform." properties: host: + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: + description: "Custom headers to set in the request. HTTP allows repeated headers." items: + description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: + description: "The header field value" type: "string" required: - "name" @@ -2578,61 +3332,81 @@ spec: type: "array" x-kubernetes-list-type: "atomic" path: + description: "Path to access on the HTTP server." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: + description: "TCPSocket specifies an action involving a TCP port." properties: host: + description: "Optional: Host name to connect to, defaults to the pod IP." type: "string" port: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: + description: "volumeDevices is the list of block devices to be used by the container." items: + description: "volumeDevice describes a mapping of a raw block device within a container." properties: devicePath: + description: "devicePath is the path inside of the container that the device will be mapped to." type: "string" name: + description: "name must match the name of a persistentVolumeClaim in the pod" type: "string" required: - "devicePath" @@ -2643,21 +3417,30 @@ spec: - "devicePath" x-kubernetes-list-type: "map" volumeMounts: + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: + description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: + description: "This must match the Name of a Volume." type: "string" readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -2668,21 +3451,26 @@ spec: - "mountPath" x-kubernetes-list-type: "map" workingDir: + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" nodeName: + description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." type: "string" nodeSelector: additionalProperties: type: "string" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" os: + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: + description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" type: "string" required: - "name" @@ -2694,85 +3482,117 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" type: "object" preemptionPolicy: + description: "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset." type: "string" priority: + description: "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority." format: "int32" type: "integer" priorityClassName: + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" readinessGates: + description: "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" items: + description: "PodReadinessGate contains the reference to a pod condition" properties: conditionType: + description: "ConditionType refers to a condition in the pod's condition list with matching type." type: "string" required: - "conditionType" type: "object" type: "array" restartPolicy: + description: "RestartPolicy describes how the container should be restarted.\nOnly one of the following restart policies may be specified.\nIf none of the following policies is specified, the default one\nis RestartPolicyAlways." type: "string" runtimeClassName: + description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" type: "string" schedulerName: + description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" securityContext: + description: "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field." properties: appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." type: "string" type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." type: "string" required: - "type" type: "object" fsGroup: + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: + description: "Level is SELinux level label that applies to the container." type: "string" role: + description: "Role is a SELinux role label that applies to the container." type: "string" type: + description: "Type is a SELinux type label that applies to the container." type: "string" user: + description: "User is a SELinux user label that applies to the container." type: "string" type: "object" seccompProfile: + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" sysctls: + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: + description: "Sysctl defines a kernel parameter to be set" properties: name: + description: "Name of a property to set" type: "string" value: + description: "Value of a property to set" type: "string" required: - "name" @@ -2781,59 +3601,84 @@ spec: type: "array" x-kubernetes-list-type: "atomic" windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" serviceAccount: + description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead." type: "string" serviceAccountName: + description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" type: "string" setHostnameAsFQDN: + description: "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false." type: "boolean" shareProcessNamespace: + description: "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false." type: "boolean" subdomain: + description: "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all." type: "string" terminationGracePeriodSeconds: format: "int64" type: "integer" tolerations: + description: "If specified, the pod's tolerations." items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" topologySpreadConstraints: + description: "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: labelSelector: + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -2847,27 +3692,35 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." type: "string" whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." type: "string" required: - "maxSkew" @@ -2881,108 +3734,146 @@ spec: x-kubernetes-list-type: "map" volumes: items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" type: "object" azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." properties: cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." type: "string" diskName: + description: "diskName is the Name of the data disk in the blob storage" type: "string" diskURI: + description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" - "diskURI" type: "object" azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" type: "string" shareName: + description: "shareName is the azure share Name" type: "string" required: - "secretName" - "shareName" type: "object" cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeID: + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" type: "object" configMap: + description: "configMap represents a configMap that should populate this volume" properties: defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: + description: "Maps a string key to a path within a volume." properties: key: + description: "key is the key to project." type: "string" mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -2992,67 +3883,89 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." type: "string" fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." type: "string" nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" readOnly: + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." type: "object" required: - "driver" type: "object" downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: + description: "Items is a list of downward API volume file" items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" fieldPath: + description: "Path of the field to select in the specified API version." type: "string" required: - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: + description: "Container name: required for volumes, optional for env vars" type: "string" divisor: anyOf: - type: "integer" - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true resource: + description: "Required: resource to select" type: "string" required: - "resource" @@ -3065,36 +3978,48 @@ spec: x-kubernetes-list-type: "atomic" type: "object" emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" dataSource: + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" required: - "kind" @@ -3102,20 +4027,26 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" namespace: + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -3124,6 +4055,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3132,18 +4064,25 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: + description: "selector is a label query over volumes to consider for binding." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3157,16 +4096,21 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" required: @@ -3174,41 +4118,54 @@ spec: type: "object" type: "object" fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: + description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" type: "object" flexVolume: + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: driver: + description: "driver is the name of the driver to use for this volume." type: "string" fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: type: "string" + description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3216,90 +4173,122 @@ spec: - "driver" type: "object" flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" type: "string" datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." properties: directory: + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" repository: + description: "repository is the URL" type: "string" revision: + description: "revision is the commit hash for the specified revision." type: "string" required: - "repository" type: "object" glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: path: + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" type: "boolean" chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." type: "string" iqn: + description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: + description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -3307,68 +4296,94 @@ spec: - "targetPortal" type: "object" name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." type: "boolean" required: - "claimName" type: "object" photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" type: "string" required: - "pdID" type: "object" portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" volumeID: + description: "volumeID uniquely identifies a Portworx volume" type: "string" required: - "volumeID" type: "object" projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: + description: "sources is the list of volume projections" items: + description: "Projection that may be projected along with other supported volume types" properties: clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: + description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3382,31 +4397,42 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" name: + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector." type: "string" optional: + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles." type: "boolean" path: + description: "Relative path from the volume root to write the bundle." type: "string" signerName: + description: "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated." type: "string" required: - "path" type: "object" configMap: + description: "configMap information about the configMap data to project" properties: items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: + description: "Maps a string key to a path within a volume." properties: key: + description: "key is the key to project." type: "string" mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -3416,42 +4442,56 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "optional specify whether the ConfigMap or its keys must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" properties: items: + description: "Items is a list of DownwardAPIVolume file" items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." type: "string" fieldPath: + description: "Path of the field to select in the specified API version." type: "string" required: - "fieldPath" type: "object" x-kubernetes-map-type: "atomic" mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: + description: "Container name: required for volumes, optional for env vars" type: "string" divisor: anyOf: - type: "integer" - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true resource: + description: "Required: resource to select" type: "string" required: - "resource" @@ -3464,16 +4504,22 @@ spec: x-kubernetes-list-type: "atomic" type: "object" secret: + description: "secret information about the secret data to project" properties: items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: + description: "Maps a string key to a path within a volume." properties: key: + description: "key is the key to project." type: "string" mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -3483,19 +4529,25 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "optional field specify whether the Secret or its key must be defined" type: "boolean" type: "object" x-kubernetes-map-type: "atomic" serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" type: "integer" path: + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "path" @@ -3505,79 +4557,108 @@ spec: x-kubernetes-list-type: "atomic" type: "object" quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: + description: "group to map volume access to\nDefault is no group" type: "string" readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" registry: + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" tenant: + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" volume: + description: "volume is a string that references an already created Quobyte volume by name." type: "string" required: - "registry" - "volume" type: "object" rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" pool: + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" - "monitors" type: "object" scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: + description: "gateway is the host address of the ScaleIO API Gateway." type: "string" protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." type: "string" system: + description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - "gateway" @@ -3585,19 +4666,26 @@ spec: - "system" type: "object" secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: + description: "Maps a string key to a path within a volume." properties: key: + description: "key is the key to project." type: "string" mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -3606,37 +4694,51 @@ spec: type: "array" x-kubernetes-list-type: "atomic" optional: + description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." type: "string" storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." type: "string" volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" type: "string" required: - "volumePath" @@ -3650,54 +4752,70 @@ spec: type: "object" type: "object" external: + description: "External enables you to configure external grafana instances that is not managed by the operator." properties: adminPassword: + description: "AdminPassword key to talk to the external grafana instance." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" adminUser: + description: "AdminUser key to talk to the external grafana instance." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" apiKey: + description: "The API key to talk to the external grafana instance, you need to define ether apiKey or adminUser/adminPassword." properties: key: + description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: + description: "Specify whether the Secret or its key must be defined" type: "boolean" required: - "key" type: "object" x-kubernetes-map-type: "atomic" url: + description: "URL of the external grafana instance you want to manage." type: "string" required: - "url" type: "object" ingress: + description: "Ingress sets how the ingress object should look like with your grafana instance." properties: metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -3709,16 +4827,22 @@ spec: type: "object" type: "object" spec: + description: "IngressSpec describes the Ingress the user wishes to exist." properties: defaultBackend: + description: "defaultBackend is the backend that should handle requests that don't\nmatch any rule. If Rules are not specified, DefaultBackend must be specified.\nIf DefaultBackend is not set, the handling of requests that do not match any\nof the rules will be up to the Ingress controller." properties: resource: + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" required: - "kind" @@ -3726,14 +4850,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -3742,26 +4871,38 @@ spec: type: "object" type: "object" ingressClassName: + description: "ingressClassName is the name of an IngressClass cluster resource. Ingress\ncontroller implementations use this field to know whether they should be\nserving this Ingress resource, by a transitive connection\n(controller -> IngressClass -> Ingress resource). Although the\n`kubernetes.io/ingress.class` annotation (simple constant name) was never\nformally defined, it was widely supported by Ingress controllers to create\na direct binding between Ingress controller and Ingress resources. Newly\ncreated Ingress resources should prefer using the field. However, even\nthough the annotation is officially deprecated, for backwards compatibility\nreasons, ingress controllers should still honor that annotation if present." type: "string" rules: + description: "rules is a list of host rules used to configure the Ingress. If unspecified,\nor no rule matches, all traffic is sent to the default backend." items: + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: + description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." properties: paths: + description: "paths is a collection of paths that map requests to backends." items: + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." properties: backend: + description: "backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." properties: resource: + description: "resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" required: - "kind" @@ -3769,14 +4910,19 @@ spec: type: "object" x-kubernetes-map-type: "atomic" service: + description: "service references a service as a backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: + description: "name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: + description: "port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: + description: "name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: + description: "number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -3785,8 +4931,10 @@ spec: type: "object" type: "object" path: + description: "path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." type: "string" pathType: + description: "pathType determines the interpretation of the path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." type: "string" required: - "backend" @@ -3801,14 +4949,18 @@ spec: type: "array" x-kubernetes-list-type: "atomic" tls: + description: "tls represents the TLS configuration. Currently the Ingress only supports a\nsingle TLS port, 443. If multiple members of this list specify different hosts,\nthey will be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." items: + description: "IngressTLS describes the transport layer security associated with an ingress." properties: hosts: + description: "hosts is a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" secretName: + description: "secretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the \"Host\" header is used for routing." type: "string" type: "object" type: "array" @@ -3818,15 +4970,21 @@ spec: jsonnet: properties: libraryLabelSelector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3840,13 +4998,16 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" type: "object" persistentVolumeClaim: + description: "PersistentVolumeClaim creates a PVC if you need to attach one to your grafana instance." properties: metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -3864,12 +5025,16 @@ spec: type: "string" type: "array" dataSource: + description: "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" required: - "kind" @@ -3877,12 +5042,16 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: + description: "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace." properties: apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: + description: "Kind is the type of resource being referenced" type: "string" name: + description: "Name is the name of resource being referenced" type: "string" required: - "kind" @@ -3890,11 +5059,15 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resources: + description: "ResourceRequirements describes the compute resource requirements." properties: claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -3910,6 +5083,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3918,18 +5092,25 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: + description: "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects." properties: matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: + description: "key is the label key that the selector applies to." type: "string" operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3943,25 +5124,31 @@ spec: matchLabels: additionalProperties: type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: type: "string" volumeMode: + description: "PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem." type: "string" volumeName: + description: "VolumeName is the binding reference to the PersistentVolume backing this claim." type: "string" type: "object" type: "object" preferences: + description: "Preferences holds the Grafana Preferences settings" properties: homeDashboardUid: type: "string" type: "object" route: + description: "Route sets how the ingress object should look like with your grafana instance, this only works in Openshift." properties: metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -3976,12 +5163,16 @@ spec: properties: alternateBackends: items: + description: "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service'\nkind is allowed. Use 'weight' field to emphasize one over others." properties: kind: + description: "The kind of target that the route is referring to. Currently, only 'Service' is allowed" type: "string" name: + description: "name of the service/target that is being referred to. e.g. name of the service" type: "string" weight: + description: "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight\nagainst other target reference objects. 0 suppresses requests to this backend." format: "int32" type: "integer" required: @@ -3995,39 +5186,52 @@ spec: path: type: "string" port: + description: "RoutePort defines a port mapping from a router to an endpoint in the service endpoints." properties: targetPort: anyOf: - type: "integer" - type: "string" + description: "The target port on pods selected by the service this route points to.\nIf this is a string, it will be looked up as a named port in the target\nendpoints port list. Required" x-kubernetes-int-or-string: true required: - "targetPort" type: "object" tls: + description: "TLSConfig defines config used to secure a route and provide termination" properties: caCertificate: + description: "caCertificate provides the cert authority certificate contents" type: "string" certificate: + description: "certificate provides certificate contents" type: "string" destinationCACertificate: + description: "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt\ntermination this file should be provided in order to have routers use it for health checks on the secure connection.\nIf this field is not specified, the router may provide its own destination CA and perform hostname validation using\nthe short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically\nverify." type: "string" insecureEdgeTerminationPolicy: + description: "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While\neach router may make its own decisions on which ports to expose, this is normally port 80.\n\n\n* Allow - traffic is sent to the server on the insecure port (default)\n* Disable - no traffic is allowed on the insecure port.\n* Redirect - clients are redirected to the secure port." type: "string" key: + description: "key provides key file contents" type: "string" termination: + description: "termination indicates termination type." type: "string" required: - "termination" type: "object" to: + description: "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service'\nkind is allowed. Use 'weight' field to emphasize one over others." properties: kind: + description: "The kind of target that the route is referring to. Currently, only 'Service' is allowed" type: "string" name: + description: "name of the service/target that is being referred to. e.g. name of the service" type: "string" weight: + description: "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight\nagainst other target reference objects. 0 suppresses requests to this backend." format: "int32" type: "integer" required: @@ -4036,12 +5240,15 @@ spec: - "weight" type: "object" wildcardPolicy: + description: "WildcardPolicyType indicates the type of wildcard support needed by routes." type: "string" type: "object" type: "object" service: + description: "Service sets how the service object should look like with your grafana instance, contains a number of defaults." properties: metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -4053,66 +5260,89 @@ spec: type: "object" type: "object" spec: + description: "ServiceSpec describes the attributes that a user creates on a service." properties: allocateLoadBalancerNodePorts: + description: "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type." type: "boolean" clusterIP: + description: "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" externalIPs: + description: "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" externalName: + description: "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\"." type: "string" externalTrafficPolicy: + description: "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node." type: "string" healthCheckNodePort: + description: "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set." format: "int32" type: "integer" internalTrafficPolicy: + description: "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features)." type: "string" ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field." items: + description: "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies)." type: "string" type: "array" x-kubernetes-list-type: "atomic" ipFamilyPolicy: + description: "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName." type: "string" loadBalancerClass: + description: "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type." type: "string" loadBalancerIP: + description: "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available." type: "string" loadBalancerSourceRanges: + description: "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/" items: type: "string" type: "array" x-kubernetes-list-type: "atomic" ports: + description: "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" items: + description: "ServicePort contains information on service's port." properties: appProtocol: + description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol." type: "string" name: + description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service." type: "string" nodePort: + description: "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport" format: "int32" type: "integer" port: + description: "The port that will be exposed by this service." format: "int32" type: "integer" protocol: default: "TCP" + description: "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP." type: "string" targetPort: anyOf: - type: "integer" - type: "string" + description: "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" x-kubernetes-int-or-string: true required: - "port" @@ -4123,43 +5353,55 @@ spec: - "protocol" x-kubernetes-list-type: "map" publishNotReadyAddresses: + description: "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior." type: "boolean" selector: additionalProperties: type: "string" + description: "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-map-type: "atomic" sessionAffinity: + description: "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" type: "string" sessionAffinityConfig: + description: "sessionAffinityConfig contains the configurations of session affinity." properties: clientIP: + description: "clientIP contains the configurations of Client IP based session affinity." properties: timeoutSeconds: + description: "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours)." format: "int32" type: "integer" type: "object" type: "object" trafficDistribution: + description: "TrafficDistribution offers a way to express preferences for how traffic is\ndistributed to Service endpoints. Implementations can use this field as a\nhint, but are not required to guarantee strict adherence. If the field is\nnot set, the implementation will apply its default routing strategy. If set\nto \"PreferClose\", implementations should prioritize endpoints that are\ntopologically close (e.g., same zone).\nThis is an alpha field and requires enabling ServiceTrafficDistribution feature." type: "string" type: + description: "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types" type: "string" type: "object" type: "object" serviceAccount: + description: "ServiceAccount sets how the ServiceAccount object should look like with your grafana instance, contains a number of defaults." properties: automountServiceAccountToken: type: "boolean" imagePullSecrets: items: + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" metadata: + description: "ObjectMeta contains only a [subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta)." properties: annotations: additionalProperties: @@ -4172,29 +5414,39 @@ spec: type: "object" secrets: items: + description: "ObjectReference contains enough information to let you inspect or modify the referred object.\n---\nNew uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.\n 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.\n 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular\n restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\".\n Those cannot be well described when embedded.\n 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.\n 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity\n during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple\n and the version of the actual struct is irrelevant.\n 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type\n will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.\n\n\nInstead of using this type, create a locally provided and used type that is well-focused on your reference.\nFor example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." properties: apiVersion: + description: "API version of the referent." type: "string" fieldPath: + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" type: "object" version: + description: "Version specifies the version of Grafana to use for this deployment. It follows the same format as the docker.io/grafana/grafana tags" type: "string" type: "object" status: + description: "GrafanaStatus defines the observed state of Grafana" properties: adminUrl: type: "string" diff --git a/crd-catalog/k8gb-io/k8gb/k8gb.absa.oss/v1beta1/gslbs.yaml b/crd-catalog/k8gb-io/k8gb/k8gb.absa.oss/v1beta1/gslbs.yaml index 87ca23fe2..b743bea07 100644 --- a/crd-catalog/k8gb-io/k8gb/k8gb.absa.oss/v1beta1/gslbs.yaml +++ b/crd-catalog/k8gb-io/k8gb/k8gb.absa.oss/v1beta1/gslbs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.8.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "gslbs.k8gb.absa.oss" spec: group: "k8gb.absa.oss" @@ -30,10 +30,10 @@ spec: description: "Gslb is the Schema for the gslbs API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -44,13 +44,13 @@ spec: description: "Gslb-enabled Ingress Spec" properties: backend: - description: "A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default." + description: "A default backend capable of servicing requests that don't match any\nrule. At least one of 'backend' or 'rules' must be specified. This field\nis optional to allow the loadbalancer controller or defaulting logic to\nspecify a global default." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "Resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -62,20 +62,21 @@ spec: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "Service references a Service as a Backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "Name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "Port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "Name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "Number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -84,32 +85,32 @@ spec: type: "object" type: "object" ingressClassName: - description: "IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation." + description: "IngressClassName is the name of the IngressClass cluster resource. The\nassociated IngressClass defines which controller will implement the\nresource. This replaces the deprecated `kubernetes.io/ingress.class`\nannotation. For backwards compatibility, when that annotation is set, it\nmust be given precedence over this field. The controller may emit a\nwarning if the field and annotation have different values.\nImplementations of this API should ignore Ingresses without a class\nspecified. An IngressClass resource may be marked as default, which can\nbe used to set a default value for this field. For more information,\nrefer to the IngressClass documentation." type: "string" rules: - description: "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend." + description: "A list of host rules used to configure the Ingress. If unspecified, or\nno rule matches, all traffic is sent to the default backend." items: - description: "IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue." + description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. \n Host can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule." + description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nHost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If Host is precise, the request matches this rule if the http host header is equal to Host.\n2. If Host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: - description: "HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'." + description: "HTTPIngressRuleValue is a list of http selectors\npointing to backends. In the example: http:///?\n-> backend where where parts of the url correspond to\nRFC 3986, this resource will be used to match against\neverything after the last '/' and before the first '?'\nor '#'." properties: paths: description: "A collection of paths that map requests to backends." items: - description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend." + description: "HTTPIngressPath associates a path with a backend. Incoming urls matching the\npath are forwarded to the backend." properties: backend: - description: "Backend defines the referenced service endpoint to which the traffic will be forwarded to." + description: "Backend defines the referenced service endpoint to which the traffic\nwill be forwarded to." properties: resource: - description: "Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with \"Service\"." + description: "Resource is an ObjectRef to another Kubernetes resource in the namespace\nof the Ingress object. If resource is specified, a service.Name and\nservice.Port must not be specified.\nThis is a mutually exclusive setting with \"Service\"." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -121,20 +122,21 @@ spec: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" service: - description: "Service references a Service as a Backend. This is a mutually exclusive setting with \"Resource\"." + description: "Service references a Service as a Backend.\nThis is a mutually exclusive setting with \"Resource\"." properties: name: - description: "Name is the referenced service. The service must exist in the same namespace as the Ingress object." + description: "Name is the referenced service. The service must exist in\nthe same namespace as the Ingress object." type: "string" port: - description: "Port of the referenced service. A port name or port number is required for a IngressServiceBackend." + description: "Port of the referenced service. A port name or port number\nis required for a IngressServiceBackend." properties: name: - description: "Name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\"." + description: "Name is the name of the port on the Service.\nThis is a mutually exclusive setting with \"Number\"." type: "string" number: - description: "Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with \"Name\"." + description: "Number is the numerical port number (e.g. 80) on the Service.\nThis is a mutually exclusive setting with \"Name\"." format: "int32" type: "integer" type: "object" @@ -143,10 +145,10 @@ spec: type: "object" type: "object" path: - description: "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value \"Exact\" or \"Prefix\"." + description: "Path is matched against the path of an incoming request. Currently it can\ncontain characters disallowed from the conventional \"path\" part of a URL\nas defined by RFC 3986. Paths must begin with a '/' and must be present\nwhen using PathType with value \"Exact\" or \"Prefix\"." type: "string" pathType: - description: "PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types." + description: "PathType determines the interpretation of the Path matching. PathType can\nbe one of the following values:\n* Exact: Matches the URL path exactly.\n* Prefix: Matches based on a URL path prefix split by '/'. Matching is\n done on a path element by element basis. A path element refers is the\n list of labels in the path split by the '/' separator. A request is a\n match for path p if every p is an element-wise prefix of p of the\n request path. Note that if the last element of the path is a substring\n of the last element in request path, it is not a match (e.g. /foo/bar\n matches /foo/bar/baz, but does not match /foo/barbaz).\n* ImplementationSpecific: Interpretation of the Path matching is up to\n the IngressClass. Implementations can treat this as a separate PathType\n or treat it identically to Prefix or Exact path types.\nImplementations are required to support all path types." type: "string" required: - "backend" @@ -162,18 +164,18 @@ spec: type: "object" type: "array" tls: - description: "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI." + description: "TLS configuration. Currently the Ingress only supports a single TLS\nport, 443. If multiple members of this list specify different hosts, they\nwill be multiplexed on the same port according to the hostname specified\nthrough the SNI TLS extension, if the ingress controller fulfilling the\ningress supports SNI." items: description: "IngressTLS describes the transport layer security associated with an Ingress." properties: hosts: - description: "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified." + description: "Hosts are a list of hosts included in the TLS certificate. The values in\nthis list must match the name/s used in the tlsSecret. Defaults to the\nwildcard host setting for the loadbalancer controller fulfilling this\nIngress, if left unspecified." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" secretName: - description: "SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the \"Host\" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing." + description: "SecretName is the name of the secret used to terminate TLS traffic on\nport 443. Field is left optional to allow TLS routing based on SNI\nhostname alone. If the SNI host in a listener conflicts with the \"Host\"\nheader field used by an IngressRule, the SNI host is used for termination\nand value of the Host header is used for routing." type: "string" type: "object" type: "array" @@ -236,9 +238,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml index bf9f1f37b..9cabbcf90 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml @@ -1030,6 +1030,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" namespaces: items: type: "string" @@ -1049,6 +1053,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" namespaces: items: type: "string" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml index 44267a406..964779432 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml @@ -1034,6 +1034,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" type: "object" select: properties: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml index 61f0cf031..4bcec905c 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml @@ -1030,6 +1030,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" namespaces: items: type: "string" @@ -1049,6 +1053,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" namespaces: items: type: "string" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml index 47437cc2b..266c0c988 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml @@ -1034,6 +1034,10 @@ spec: additionalProperties: type: "string" type: "object" + namespace_labels: + additionalProperties: + type: "string" + type: "object" type: "object" select: properties: diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml index dd2495c14..15225dce9 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/admissionchecks.yaml @@ -30,13 +30,13 @@ spec: description: "AdmissionCheckSpec defines the desired state of AdmissionCheck" properties: controllerName: - description: "controllerName is name of the controller which will actually perform\nthe checks. This is the name with which controller identifies with,\nnot necessarily a K8S Pod or Deployment name. Cannot be empty." + description: "controllerName identifies the controller that processes the AdmissionCheck,\nnot necessarily a Kubernetes Pod or Deployment name. Cannot be empty." type: "string" x-kubernetes-validations: - message: "field is immutable" rule: "self == oldSelf" parameters: - description: "Parameters identifies the resource providing additional check parameters." + description: "Parameters identifies a configuration with additional parameters for the\ncheck." properties: apiGroup: description: "ApiGroup is the group for the resource being referenced." @@ -60,7 +60,7 @@ spec: type: "object" retryDelayMinutes: default: 15 - description: "RetryDelayMinutes specifies how long to keep the workload suspended\nafter a failed check (after it transitioned to False).\nAfter that the check state goes to \"Unknown\".\nThe default is 15 min." + description: "RetryDelayMinutes **deprecated** specifies how long to keep the workload suspended after\na failed check (after it transitioned to False). When the delay period has passed, the check\nstate goes to \"Unknown\". The default is 15 min.\nThe default is 15 min." format: "int64" type: "integer" required: diff --git a/crd-catalog/kubeshop/testkube-operator/executor.testkube.io/v1/webhooks.yaml b/crd-catalog/kubeshop/testkube-operator/executor.testkube.io/v1/webhooks.yaml index 02d2143c6..850491bdf 100644 --- a/crd-catalog/kubeshop/testkube-operator/executor.testkube.io/v1/webhooks.yaml +++ b/crd-catalog/kubeshop/testkube-operator/executor.testkube.io/v1/webhooks.yaml @@ -58,6 +58,9 @@ spec: type: "string" description: "webhook headers (golang template supported)" type: "object" + onStateChange: + description: "OnStateChange will trigger the webhook only when the result of the current execution differs from the previous result of the same test/test suite/workflow" + type: "boolean" payloadObjectField: description: "will load the generated payload for notification inside the object" type: "string" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml index 2ca56b875..9fe2abd77 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml @@ -288,6 +288,9 @@ spec: namespace: description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" + operatingSystem: + description: "The Operating System detected by virt-v2v." + type: "string" phase: description: "Phase" type: "string" @@ -420,6 +423,9 @@ spec: restorePowerState: description: "Source VM power state before migration." type: "string" + rootDisk: + description: "Choose the primary disk the VM boots from" + type: "string" started: description: "Started timestamp." format: "date-time" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml index b259ec560..2655607be 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml @@ -282,6 +282,9 @@ spec: namespace: description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" + rootDisk: + description: "Choose the primary disk the VM boots from" + type: "string" type: description: "Type used to qualify the name." type: "string" @@ -666,6 +669,9 @@ spec: namespace: description: "The VM Namespace\nOnly relevant for an openshift source." type: "string" + operatingSystem: + description: "The Operating System detected by virt-v2v." + type: "string" phase: description: "Phase" type: "string" @@ -798,6 +804,9 @@ spec: restorePowerState: description: "Source VM power state before migration." type: "string" + rootDisk: + description: "Choose the primary disk the VM boots from" + type: "string" started: description: "Started timestamp." format: "date-time" diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml index 1f9785b52..bd40f63d1 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml @@ -91,8 +91,98 @@ spec: catch: description: "Catch defines what the tests steps will execute when an error happens.\nThis will be combined with catch handlers defined at the test and step levels." items: - description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + description: "Operation defines operation elements." properties: + apply: + description: "Apply represents resources that should be applied for this test step. This can include things\nlike configuration settings or any other resources that need to be available during the test." + properties: + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + assert: + description: "Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true." + properties: + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Check provides a check used in assertions." + type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" command: description: "Command defines a command to run." properties: @@ -101,45 +191,10 @@ spec: items: type: "string" type: "array" - bindings: - description: "Bindings defines additional binding key/values." - items: - description: "Binding represents a key/value set as a binding in an executing test." - properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" check: description: "Check is an assertion tree to validate the operation outcome." type: "object" x-kubernetes-preserve-unknown-fields: true - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" entrypoint: description: "Entrypoint is the command entry point to run." type: "string" @@ -160,27 +215,6 @@ spec: - "value" type: "object" type: "array" - outputs: - description: "Outputs defines output bindings." - items: - description: "Output represents an output binding with a match to determine if the binding must be considered or not." - properties: - match: - description: "Match defines the matching statement." - type: "object" - x-kubernetes-preserve-unknown-fields: true - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -190,44 +224,47 @@ spec: required: - "entrypoint" type: "object" - delete: - description: "Delete represents a deletion operation." + create: + description: "Create represents a creation operation." properties: - bindings: - description: "Bindings defines additional binding key/values." + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." items: - description: "Binding represents a key/value set as a binding in an executing test." + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" x-kubernetes-preserve-unknown-fields: true required: - - "name" - - "value" + - "check" type: "object" type: "array" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + resource: + description: "Resource provides a resource to be applied." type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: deletionPropagationPolicy: description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." enum: @@ -264,11 +301,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" @@ -292,24 +357,6 @@ spec: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" @@ -335,27 +382,26 @@ spec: description: description: "Description contains a description of the operation." type: "string" - events: - description: "Events determines the events collector to execute." + error: + description: "Error represents the expected errors for this test step. If any of these errors occur, the test\nwill consider them as expected; otherwise, they will be treated as test failures." properties: - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + resource: + description: "Check provides a check used in assertions." type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + events: + description: "Events determines the events collector to execute." + properties: format: description: "Format determines the output format (json or yaml)." pattern: "^(?:json|yaml|\\(.+\\))$" @@ -379,24 +425,6 @@ spec: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" format: description: "Format determines the output format (json or yaml)." pattern: "^(?:json|yaml|\\(.+\\))$" @@ -420,27 +448,68 @@ spec: - "apiVersion" - "kind" type: "object" - podLogs: - description: "PodLogs determines the pod logs collector to execute." + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + patch: + description: "Patch represents a patch operation." properties: - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true required: - - "kubeconfig" + - "check" type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: container: description: "Container in pod to get logs from else --all-containers is used." type: "string" @@ -463,45 +532,10 @@ spec: script: description: "Script defines a script to run." properties: - bindings: - description: "Bindings defines additional binding key/values." - items: - description: "Binding represents a key/value set as a binding in an executing test." - properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" check: description: "Check is an assertion tree to validate the operation outcome." type: "object" x-kubernetes-preserve-unknown-fields: true - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" content: description: "Content defines a shell script (run with \"sh -c ...\")." type: "string" @@ -522,27 +556,6 @@ spec: - "value" type: "object" type: "array" - outputs: - description: "Outputs defines output bindings." - items: - description: "Output represents an output binding with a match to determine if the binding must be considered or not." - properties: - match: - description: "Match defines the matching statement." - type: "object" - x-kubernetes-preserve-unknown-fields: true - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -559,30 +572,50 @@ spec: required: - "duration" type: "object" + update: + description: "Update represents an update operation." + properties: + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" wait: description: "Wait determines the resource wait collector to execute." properties: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" for: description: "WaitFor specifies the condition to wait for." properties: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml index 43baa42e9..5110f8e9c 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/tests.yaml @@ -98,8 +98,98 @@ spec: catch: description: "Catch defines what the tests steps will execute when an error happens.\nThis will be combined with catch handlers defined at the test and step levels." items: - description: "CatchFinally defines actions to be executed in catch, finally and cleanup blocks." + description: "Operation defines operation elements." properties: + apply: + description: "Apply represents resources that should be applied for this test step. This can include things\nlike configuration settings or any other resources that need to be available during the test." + properties: + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + assert: + description: "Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true." + properties: + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Check provides a check used in assertions." + type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + bindings: + description: "Bindings defines additional binding key/values." + items: + description: "Binding represents a key/value set as a binding in an executing test." + properties: + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + cluster: + description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + type: "string" + clusters: + additionalProperties: + description: "Cluster defines cluster config and context." + properties: + context: + description: "Context is the name of the context to use." + type: "string" + kubeconfig: + description: "Kubeconfig is the path to the referenced file." + type: "string" + required: + - "kubeconfig" + type: "object" + description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "object" command: description: "Command defines a command to run." properties: @@ -108,45 +198,10 @@ spec: items: type: "string" type: "array" - bindings: - description: "Bindings defines additional binding key/values." - items: - description: "Binding represents a key/value set as a binding in an executing test." - properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" check: description: "Check is an assertion tree to validate the operation outcome." type: "object" x-kubernetes-preserve-unknown-fields: true - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" entrypoint: description: "Entrypoint is the command entry point to run." type: "string" @@ -167,27 +222,6 @@ spec: - "value" type: "object" type: "array" - outputs: - description: "Outputs defines output bindings." - items: - description: "Output represents an output binding with a match to determine if the binding must be considered or not." - properties: - match: - description: "Match defines the matching statement." - type: "object" - x-kubernetes-preserve-unknown-fields: true - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -197,44 +231,47 @@ spec: required: - "entrypoint" type: "object" - delete: - description: "Delete represents a deletion operation." + create: + description: "Create represents a creation operation." properties: - bindings: - description: "Bindings defines additional binding key/values." + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." items: - description: "Binding represents a key/value set as a binding in an executing test." + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" x-kubernetes-preserve-unknown-fields: true required: - - "name" - - "value" + - "check" type: "object" type: "array" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + resource: + description: "Resource provides a resource to be applied." type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + delete: + description: "Delete represents a deletion operation." + properties: deletionPropagationPolicy: description: "DeletionPropagationPolicy decides if a deletion will propagate to the dependents of\nthe object, and how the garbage collector will handle the propagation.\nOverrides the deletion propagation policy set in the Configuration, the Test and the TestStep." enum: @@ -271,11 +308,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" @@ -299,24 +364,6 @@ spec: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" @@ -342,27 +389,26 @@ spec: description: description: "Description contains a description of the operation." type: "string" - events: - description: "Events determines the events collector to execute." + error: + description: "Error represents the expected errors for this test step. If any of these errors occur, the test\nwill consider them as expected; otherwise, they will be treated as test failures." properties: - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + resource: + description: "Check provides a check used in assertions." type: "object" + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + events: + description: "Events determines the events collector to execute." + properties: format: description: "Format determines the output format (json or yaml)." pattern: "^(?:json|yaml|\\(.+\\))$" @@ -386,24 +432,6 @@ spec: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" format: description: "Format determines the output format (json or yaml)." pattern: "^(?:json|yaml|\\(.+\\))$" @@ -427,27 +455,68 @@ spec: - "apiVersion" - "kind" type: "object" - podLogs: - description: "PodLogs determines the pod logs collector to execute." + outputs: + description: "Outputs defines output bindings." + items: + description: "Output represents an output binding with a match to determine if the binding must be considered or not." + properties: + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + name: + description: "Name the name of the binding." + pattern: "^(?:\\w+|\\(.+\\))$" + type: "string" + value: + description: "Value value of the binding." + x-kubernetes-preserve-unknown-fields: true + required: + - "name" + - "value" + type: "object" + type: "array" + patch: + description: "Patch represents a patch operation." properties: - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true required: - - "kubeconfig" + - "check" type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" + podLogs: + description: "PodLogs determines the pod logs collector to execute." + properties: container: description: "Container in pod to get logs from else --all-containers is used." type: "string" @@ -470,45 +539,10 @@ spec: script: description: "Script defines a script to run." properties: - bindings: - description: "Bindings defines additional binding key/values." - items: - description: "Binding represents a key/value set as a binding in an executing test." - properties: - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" check: description: "Check is an assertion tree to validate the operation outcome." type: "object" x-kubernetes-preserve-unknown-fields: true - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" content: description: "Content defines a shell script (run with \"sh -c ...\")." type: "string" @@ -529,27 +563,6 @@ spec: - "value" type: "object" type: "array" - outputs: - description: "Outputs defines output bindings." - items: - description: "Output represents an output binding with a match to determine if the binding must be considered or not." - properties: - match: - description: "Match defines the matching statement." - type: "object" - x-kubernetes-preserve-unknown-fields: true - name: - description: "Name the name of the binding." - pattern: "^(?:\\w+|\\(.+\\))$" - type: "string" - value: - description: "Value value of the binding." - x-kubernetes-preserve-unknown-fields: true - required: - - "name" - - "value" - type: "object" - type: "array" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -566,30 +579,50 @@ spec: required: - "duration" type: "object" + update: + description: "Update represents an update operation." + properties: + dryRun: + description: "DryRun determines whether the file should be applied in dry run mode." + type: "boolean" + expect: + description: "Expect defines a list of matched checks to validate the operation outcome." + items: + description: "Expectation represents a check to be applied on the result of an operation\nwith a match filter to determine if the verification should be considered." + properties: + check: + description: "Check defines the verification statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + match: + description: "Match defines the matching statement." + type: "object" + x-kubernetes-preserve-unknown-fields: true + required: + - "check" + type: "object" + type: "array" + file: + description: "File is the path to the referenced file. This can be a direct path to a file\nor an expression that matches multiple files, such as \"manifest/*.yaml\" for all YAML\nfiles within the \"manifest\" directory." + type: "string" + resource: + description: "Resource provides a resource to be applied." + type: "object" + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + template: + description: "Template determines whether resources should be considered for templating." + type: "boolean" + timeout: + description: "Timeout for the operation. Overrides the global timeout set in the Configuration." + type: "string" + type: "object" wait: description: "Wait determines the resource wait collector to execute." properties: apiVersion: description: "API version of the referent." type: "string" - cluster: - description: "Cluster defines the target cluster (default cluster will be used if not specified and/or overridden)." - type: "string" - clusters: - additionalProperties: - description: "Cluster defines cluster config and context." - properties: - context: - description: "Context is the name of the context to use." - type: "string" - kubeconfig: - description: "Kubeconfig is the path to the referenced file." - type: "string" - required: - - "kubeconfig" - type: "object" - description: "Clusters holds a registry to clusters to support multi-cluster tests." - type: "object" for: description: "WaitFor specifies the condition to wait for." properties: @@ -911,11 +944,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" @@ -1469,11 +1530,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" @@ -2055,11 +2144,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" @@ -2647,11 +2764,39 @@ spec: kind: description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" - labels: - additionalProperties: - type: "string" + labelSelector: description: "Label selector to match objects to delete" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" type: "object" + x-kubernetes-map-type: "atomic" name: description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 376560dbb..b43196a54 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml @@ -87,7 +87,7 @@ spec: description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" failurePolicy: - description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: - "Ignore" - "Fail" @@ -99,7 +99,7 @@ spec: description: "Deprecated, use generateExisting instead" type: "boolean" mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events.\nDefault value is \"false\"." + description: "Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead" type: "boolean" rules: description: "Rules is a list of Rule instances. A Policy contains multiple rules and\neach rule can validate, mutate, or generate resources." @@ -1448,6 +1448,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -2682,6 +2685,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -2829,10 +2835,16 @@ spec: type: "object" type: "array" webhookConfiguration: - description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration.\nRequires Kubernetes 1.27 or later." + description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration." properties: + failurePolicy: + description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + enum: + - "Ignore" + - "Fail" + type: "string" matchConditions: - description: "MatchCondition configures admission webhook matchConditions." + description: "MatchCondition configures admission webhook matchConditions.\nRequires Kubernetes 1.27 or later." items: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: @@ -2847,9 +2859,13 @@ spec: - "name" type: "object" type: "array" + timeoutSeconds: + description: "TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + format: "int32" + type: "integer" type: "object" webhookTimeoutSeconds: - description: "WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + description: "Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead." format: "int32" type: "integer" type: "object" @@ -4206,6 +4222,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -5440,6 +5459,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index 7137d5586..1b60b9dc4 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml @@ -87,7 +87,7 @@ spec: description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" failurePolicy: - description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: - "Ignore" - "Fail" @@ -99,7 +99,7 @@ spec: description: "Deprecated, use generateExisting instead" type: "boolean" mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events.\nDefault value is \"false\"." + description: "Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead" type: "boolean" rules: description: "Rules is a list of Rule instances. A Policy contains multiple rules and\neach rule can validate, mutate, or generate resources." @@ -1448,6 +1448,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -2682,6 +2685,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" @@ -2829,10 +2835,16 @@ spec: type: "object" type: "array" webhookConfiguration: - description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration.\nRequires Kubernetes 1.27 or later." + description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration." properties: + failurePolicy: + description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + enum: + - "Ignore" + - "Fail" + type: "string" matchConditions: - description: "MatchCondition configures admission webhook matchConditions." + description: "MatchCondition configures admission webhook matchConditions.\nRequires Kubernetes 1.27 or later." items: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: @@ -2847,9 +2859,13 @@ spec: - "name" type: "object" type: "array" + timeoutSeconds: + description: "TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + format: "int32" + type: "integer" type: "object" webhookTimeoutSeconds: - description: "WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + description: "Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead." format: "int32" type: "integer" type: "object" @@ -4206,6 +4222,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -5440,6 +5459,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml index 90c5232d1..8130a40d2 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1beta1/updaterequests.yaml @@ -42,6 +42,7 @@ spec: - jsonPath: ".metadata.creationTimestamp" name: "Age" type: "date" + deprecated: true name: "v1beta1" schema: openAPIV3Schema: @@ -316,6 +317,6 @@ spec: type: "object" type: "object" served: true - storage: true + storage: false subresources: status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml index 36ffe4ecc..55715295c 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2/updaterequests.yaml @@ -310,6 +310,6 @@ spec: type: "object" type: "object" served: true - storage: false + storage: true subresources: status: {} diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index fa657f3ba..69d1bc339 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml @@ -87,7 +87,7 @@ spec: description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" failurePolicy: - description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nAllowed values are Ignore or Fail. Defaults to Fail." + description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: - "Ignore" - "Fail" @@ -99,7 +99,7 @@ spec: description: "Deprecated, use generateExisting instead" type: "boolean" mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events.\nDefault value is \"false\"." + description: "Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead" type: "boolean" rules: description: "Rules is a list of Rule instances. A Policy contains multiple rules and\neach rule can validate, mutate, or generate resources." @@ -1174,6 +1174,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -2664,10 +2667,16 @@ spec: type: "object" type: "array" webhookConfiguration: - description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration.\nRequires Kubernetes 1.27 or later." + description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration." properties: + failurePolicy: + description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + enum: + - "Ignore" + - "Fail" + type: "string" matchConditions: - description: "MatchCondition configures admission webhook matchConditions." + description: "MatchCondition configures admission webhook matchConditions.\nRequires Kubernetes 1.27 or later." items: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: @@ -2682,9 +2691,13 @@ spec: - "name" type: "object" type: "array" + timeoutSeconds: + description: "TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + format: "int32" + type: "integer" type: "object" webhookTimeoutSeconds: - description: "WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + description: "Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead." format: "int32" type: "integer" type: "object" @@ -4041,6 +4054,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -5275,6 +5291,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index d678906cf..1af9ce223 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml @@ -87,7 +87,7 @@ spec: description: "Background controls if rules are applied to existing resources during a background scan.\nOptional. Default value is \"true\". The value must be set to \"false\" if the policy rule\nuses variables that are only available in the admission review request (e.g. user name)." type: "boolean" failurePolicy: - description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nAllowed values are Ignore or Fail. Defaults to Fail." + description: "Deprecated, use failurePolicy under the webhookConfiguration instead." enum: - "Ignore" - "Fail" @@ -99,7 +99,7 @@ spec: description: "Deprecated, use generateExisting instead" type: "boolean" mutateExistingOnPolicyUpdate: - description: "MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events.\nDefault value is \"false\"." + description: "Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead" type: "boolean" rules: description: "Rules is a list of Rule instances. A Policy contains multiple rules and\neach rule can validate, mutate, or generate resources." @@ -1174,6 +1174,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -2664,10 +2667,16 @@ spec: type: "object" type: "array" webhookConfiguration: - description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration.\nRequires Kubernetes 1.27 or later." + description: "WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration." properties: + failurePolicy: + description: "FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled.\nRules within the same policy share the same failure behavior.\nThis field should not be accessed directly, instead `GetFailurePolicy()` should be used.\nAllowed values are Ignore or Fail. Defaults to Fail." + enum: + - "Ignore" + - "Fail" + type: "string" matchConditions: - description: "MatchCondition configures admission webhook matchConditions." + description: "MatchCondition configures admission webhook matchConditions.\nRequires Kubernetes 1.27 or later." items: description: "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook." properties: @@ -2682,9 +2691,13 @@ spec: - "name" type: "object" type: "array" + timeoutSeconds: + description: "TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + format: "int32" + type: "integer" type: "object" webhookTimeoutSeconds: - description: "WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.\nAfter the configured time expires, the admission request may fail, or may simply ignore the policy results,\nbased on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds." + description: "Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead." format: "int32" type: "integer" type: "object" @@ -4041,6 +4054,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "array" + mutateExistingOnPolicyUpdate: + description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." + type: "boolean" patchStrategicMerge: description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true @@ -5275,6 +5291,9 @@ spec: type: "array" type: "object" type: "array" + cosignOCI11: + description: "CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification.\nDefaults to false." + type: "boolean" image: description: "Deprecated. Use ImageReferences instead." type: "string" diff --git a/crd-catalog/medik8s/self-node-remediation/self-node-remediation.medik8s.io/v1alpha1/selfnoderemediationtemplates.yaml b/crd-catalog/medik8s/self-node-remediation/self-node-remediation.medik8s.io/v1alpha1/selfnoderemediationtemplates.yaml index b0c77e099..67644da93 100644 --- a/crd-catalog/medik8s/self-node-remediation/self-node-remediation.medik8s.io/v1alpha1/selfnoderemediationtemplates.yaml +++ b/crd-catalog/medik8s/self-node-remediation/self-node-remediation.medik8s.io/v1alpha1/selfnoderemediationtemplates.yaml @@ -57,6 +57,8 @@ spec: status: description: "SelfNodeRemediationTemplateStatus defines the observed state of SelfNodeRemediationTemplate" type: "object" + required: + - "spec" type: "object" served: true storage: true diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml index 7bba0a2fa..bd73b916e 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml @@ -434,11 +434,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -505,11 +507,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1389,11 +1395,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1460,11 +1468,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1520,11 +1530,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index 643871b53..acf6d5bc9 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -89,11 +89,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -110,11 +112,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -126,6 +130,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -150,11 +155,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -171,14 +178,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -214,11 +224,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -227,13 +239,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -257,11 +269,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -274,6 +288,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -289,6 +304,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -313,11 +329,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -326,13 +344,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -356,11 +374,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -373,6 +393,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -380,6 +401,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -411,11 +433,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -424,13 +448,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -454,11 +478,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -471,6 +497,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -486,6 +513,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -510,11 +538,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -523,13 +553,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -553,11 +583,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -570,6 +602,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -577,6 +610,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" nodeSelector: @@ -982,11 +1016,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1003,11 +1039,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -1019,6 +1057,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -1043,11 +1082,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1064,14 +1105,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1107,11 +1151,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1120,13 +1166,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1150,11 +1196,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,6 +1215,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1182,6 +1231,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1206,11 +1256,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1219,13 +1271,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1249,11 +1301,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1266,6 +1320,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1273,6 +1328,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1304,11 +1360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1317,13 +1375,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1347,11 +1405,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,6 +1424,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1379,6 +1440,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1403,11 +1465,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1416,13 +1480,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1446,11 +1510,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1463,6 +1529,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1470,6 +1537,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" nodeSelector: @@ -1570,11 +1638,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1641,11 +1711,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1701,11 +1773,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2657,11 +2731,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -2678,11 +2754,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -2694,6 +2772,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -2718,11 +2797,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -2739,14 +2820,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -2782,11 +2866,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2795,13 +2881,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -2825,11 +2911,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2842,6 +2930,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -2857,6 +2946,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -2881,11 +2971,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2894,13 +2986,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -2924,11 +3016,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2941,6 +3035,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -2948,6 +3043,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -2979,11 +3075,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2992,13 +3090,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -3022,11 +3120,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3039,6 +3139,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -3054,6 +3155,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -3078,11 +3180,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3091,13 +3195,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -3121,11 +3225,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3138,6 +3244,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -3145,6 +3252,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" nodeSelector: @@ -3257,11 +3365,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3328,11 +3438,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3388,11 +3500,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml index d43e14895..92b5caf39 100644 --- a/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml +++ b/crd-catalog/nginxinc/kubernetes-ingress/k8s.nginx.org/v1/policies.yaml @@ -51,6 +51,24 @@ spec: type: "string" type: "array" type: "object" + apiKey: + description: "APIKey defines an API Key policy." + properties: + clientSecret: + type: "string" + suppliedIn: + description: "SuppliedIn defines the locations API Key should be supplied in." + properties: + header: + items: + type: "string" + type: "array" + query: + items: + type: "string" + type: "array" + type: "object" + type: "object" basicAuth: description: "BasicAuth holds HTTP Basic authentication configuration\npolicy status: preview" properties: diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/hiveconfigs.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/hiveconfigs.yaml index 334011616..09a80fd2c 100644 --- a/crd-catalog/openshift/hive/hive.openshift.io/v1/hiveconfigs.yaml +++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/hiveconfigs.yaml @@ -443,6 +443,9 @@ spec: logLevel: description: "LogLevel is the level of logging to use for the Hive controllers. Acceptable levels, from coarsest to finest, are panic, fatal, error, warn, info, debug, and trace. The default level is info." type: "string" + machinePoolPollInterval: + description: "MachinePoolPollInterval is a string duration indicating how much time must pass before checking whether remote resources related to MachinePools need to be reapplied. Set to zero to disable polling -- we'll only reconcile when hub objects change. The default interval is 30m." + type: "string" maintenanceMode: description: "MaintenanceMode can be set to true to disable the hive controllers in situations where we need to ensure nothing is running that will add or act upon finalizers on Hive types. This should rarely be needed. Sets replicas to 0 for the hive-controllers deployment to accomplish this." type: "boolean" diff --git a/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpconfigs.yaml b/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpconfigs.yaml index 99df2ee37..1288c4d87 100644 --- a/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpconfigs.yaml +++ b/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpconfigs.yaml @@ -80,6 +80,10 @@ spec: additionalProperties: type: "string" type: "object" + syncEConf: + type: "string" + syncEOpts: + type: "string" ts2phcConf: type: "string" ts2phcOpts: diff --git a/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpoperatorconfigs.yaml b/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpoperatorconfigs.yaml index 2c2334698..57c32c5e2 100644 --- a/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpoperatorconfigs.yaml +++ b/crd-catalog/openshift/ptp-operator/ptp.openshift.io/v1/ptpoperatorconfigs.yaml @@ -45,6 +45,9 @@ spec: ptpEventConfig: description: "EventConfig to configure event sidecar" properties: + apiVersion: + description: "ApiVersion is used to determine which API is used for the event service 1.0: default version. event service is mapped to internal REST-API. 2.x: event service is mapped to O-RAN v3.0 Compliant O-Cloud Notification REST-API." + type: "string" enableEventPublisher: default: false description: "EnableEventPublisher will deploy event proxy as a sidecar" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml index 4d5a710b3..c22a9161d 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml @@ -4817,6 +4817,8 @@ spec: - "azure" type: "string" type: "object" + required: + - "image" type: "object" image: description: "The image name to use for PostgreSQL containers." diff --git a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml index bfa6e05f2..1bcef2ef5 100644 --- a/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml +++ b/crd-catalog/percona/percona-server-mysql-operator/ps.percona.com/v1alpha1/perconaservermysqls.yaml @@ -52,8 +52,6 @@ spec: type: "object" spec: properties: - allowUnsafeConfigurations: - type: "boolean" backup: properties: backoffLimit: @@ -8045,6 +8043,19 @@ spec: required: - "image" type: "object" + unsafeFlags: + properties: + mysqlSize: + type: "boolean" + orchestrator: + type: "boolean" + orchestratorSize: + type: "boolean" + proxy: + type: "boolean" + proxySize: + type: "boolean" + type: "object" updateStrategy: type: "string" upgradeOptions: diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml index 83b91af4a..a23739bac 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml @@ -259,6 +259,12 @@ spec: genericXDPEnabled: description: "GenericXDPEnabled enables Generic XDP so network cards that don't support XDP offload or driver modes can use XDP. This is not recommended since it doesn't provide better performance than iptables. [Default: false]" type: "boolean" + goGCThreshold: + description: "GoGCThreshold Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time spent doing GC, but it also doubles peak GC memory overhead. A special value of -1 can be used to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting. \n This setting is overridden by the GOGC environment variable. \n [Default: 40]" + type: "integer" + goMemoryLimitMB: + description: "GoMemoryLimitMB sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to take more than 50% of the process's CPU time. A value of -1 disables the memory limit. \n Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container or pod level. This is because felix is not the only process that must run in the container or pod. \n This setting is overridden by the GOMEMLIMIT environment variable. \n [Default: -1]" + type: "integer" healthEnabled: type: "boolean" healthHost: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml index 23de6fb24..06895bfe1 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml @@ -1272,7 +1272,7 @@ spec: description: "Deprecated: use 'spec.image' instead." type: "string" bodySizeLimit: - description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" configMaps: @@ -2181,34 +2181,34 @@ spec: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0." type: "boolean" enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0." + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0." + description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." format: "int64" type: "integer" enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." format: "int64" type: "integer" enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." format: "int64" type: "integer" enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." format: "int64" type: "integer" enforcedNamespaceLabel: description: "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." type: "string" enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit." + description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." format: "int64" type: "integer" enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit." + description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." format: "int64" type: "integer" evaluationInterval: @@ -3199,19 +3199,19 @@ spec: type: "object" type: "array" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." format: "int64" type: "integer" listenLocal: @@ -3565,6 +3565,9 @@ spec: name: description: "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\n\nIt requires Prometheus >= v2.15.0." type: "string" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + type: "string" oauth2: description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: @@ -3642,8 +3645,35 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" proxyUrl: - description: "Optional ProxyURL." + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" type: "string" readRecent: description: "Whether reads should be made for queries for time ranges that\nthe local storage should have complete data for." @@ -3917,6 +3947,9 @@ spec: enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0." + type: "boolean" headers: additionalProperties: type: "string" @@ -3936,6 +3969,9 @@ spec: name: description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0." type: "string" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + type: "string" oauth2: description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." properties: @@ -4013,8 +4049,35 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" proxyUrl: - description: "Optional ProxyURL." + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" type: "string" queueConfig: description: "QueueConfig allows tuning of the remote write queue parameters." @@ -4426,7 +4489,7 @@ spec: type: "object" type: "object" sampleLimit: - description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" type: "integer" scrapeClasses: @@ -5319,7 +5382,7 @@ spec: description: "Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name." type: "string" targetLimit: - description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." format: "int64" type: "integer" thanos: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml index fbd38016f..fe8a80cf1 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml @@ -2054,6 +2054,10 @@ spec: tokenFile: description: "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0." type: "string" + ttl: + description: "The time to live definition for the alert notification" + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" url: description: "A supplementary URL shown alongside the message." type: "string" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml index 6a0ef2e7d..7dbea81d4 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml @@ -849,7 +849,7 @@ spec: description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container." type: "boolean" bodySizeLimit: - description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" configMaps: @@ -1752,34 +1752,34 @@ spec: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0." type: "boolean" enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0." + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0.\n\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0." + description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets." format: "int64" type: "integer" enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit." format: "int64" type: "integer" enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit." format: "int64" type: "integer" enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit." format: "int64" type: "integer" enforcedNamespaceLabel: description: "When not empty, a label will be added to:\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object." type: "string" enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit." + description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit." format: "int64" type: "integer" enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit." + description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit." format: "int64" type: "integer" excludedFromEnforcement: @@ -2757,19 +2757,19 @@ spec: type: "object" type: "array" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit." format: "int64" type: "integer" listenLocal: @@ -3141,6 +3141,9 @@ spec: enableHTTP2: description: "Whether to enable HTTP2." type: "boolean" + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx redirects.\n\n\nIt requires Prometheus >= v2.26.0." + type: "boolean" headers: additionalProperties: type: "string" @@ -3160,6 +3163,9 @@ spec: name: description: "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\n\nIt requires Prometheus >= v2.15.0." type: "string" + noProxy: + description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\n\nIt requires Prometheus >= v2.43.0." + type: "string" oauth2: description: "OAuth2 configuration for the URL.\n\n\nIt requires Prometheus >= v2.27.0.\n\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`." properties: @@ -3237,8 +3243,35 @@ spec: - "clientSecret" - "tokenUrl" type: "object" + proxyConnectHeader: + additionalProperties: + items: + description: "SecretKeySelector selects a key of a Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + description: "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\n\nIt requires Prometheus >= v2.43.0." + type: "object" + x-kubernetes-map-type: "atomic" + proxyFromEnvironment: + description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.43.0." + type: "boolean" proxyUrl: - description: "Optional ProxyURL." + description: "`proxyURL` defines the HTTP proxy server to use.\n\n\nIt requires Prometheus >= v2.43.0." + pattern: "^http(s)?://.+$" type: "string" queueConfig: description: "QueueConfig allows tuning of the remote write queue parameters." @@ -3559,7 +3592,7 @@ spec: description: "The route prefix Prometheus registers HTTP handlers for.\n\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." type: "string" sampleLimit: - description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" type: "integer" scrapeClasses: @@ -4446,7 +4479,7 @@ spec: type: "object" type: "object" targetLimit: - description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer." + description: "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit." format: "int64" type: "integer" tolerations: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml index 531beb9ac..68d153c80 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml @@ -1957,6 +1957,10 @@ spec: tokenFile: description: "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0." type: "string" + ttl: + description: "The time to live definition for the alert notification" + pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" + type: "string" url: description: "A supplementary URL shown alongside the message." type: "string" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml index 0f802a246..be0c5022a 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml @@ -75,6 +75,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml index 54337d815..72b813844 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml @@ -2059,7 +2059,7 @@ spec: type: "boolean" name: description: "Name is a unique identifier for the set" - maxLength: 40 + maxLength: 50 type: "string" placement: nullable: true diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml index cebc25aa2..274ce611c 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephfilesystems.yaml @@ -66,6 +66,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" @@ -237,6 +240,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml index 3f4ec5082..951e630bd 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectstores.yaml @@ -72,6 +72,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" @@ -1067,6 +1070,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml index 52f396d46..ea91576fe 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephobjectzones.yaml @@ -67,6 +67,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" @@ -233,6 +236,9 @@ spec: description: "The device class the OSD should set to for use in the pool" nullable: true type: "string" + enableCrushUpdates: + description: "Allow rook operator to change the pool CRUSH tunables once the pool is created" + type: "boolean" enableRBDStats: description: "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool" type: "boolean" diff --git a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml index a93d4aab8..72145439a 100644 --- a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml +++ b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml @@ -219,7 +219,11 @@ spec: type: "string" type: "object" type: "array" + required: + - "secretRefs" type: "object" + required: + - "secretRefs" type: "object" jwt: maxProperties: 0 @@ -265,6 +269,8 @@ spec: type: "string" userDnTemplate: type: "string" + required: + - "address" type: "object" name: nullable: true @@ -294,6 +300,8 @@ spec: items: type: "string" type: "array" + required: + - "appUrl" type: "object" oauth2: properties: @@ -323,6 +331,8 @@ spec: type: "string" userIdAttributeName: type: "string" + required: + - "introspectionUrl" type: "object" introspectionUrl: type: "string" @@ -334,6 +344,8 @@ spec: properties: inlineString: type: "string" + required: + - "inlineString" type: "object" remoteJwks: properties: @@ -341,6 +353,8 @@ spec: type: "string" url: type: "string" + required: + - "url" type: "object" type: "object" requiredScopes: @@ -471,6 +485,12 @@ spec: additionalProperties: type: "string" type: "object" + required: + - "clientId" + - "appUrl" + - "callbackPath" + - "authEndpoint" + - "tokenEndpoint" type: "object" oidcAuthorizationCode: properties: @@ -559,6 +579,8 @@ spec: type: "object" validFor: type: "string" + required: + - "signingKeyRef" type: "object" type: "object" clientId: @@ -755,6 +777,11 @@ spec: additionalProperties: type: "string" type: "object" + required: + - "clientId" + - "issuerUrl" + - "appUrl" + - "callbackPath" type: "object" type: "object" opaAuth: @@ -777,6 +804,8 @@ spec: type: "object" query: type: "string" + required: + - "query" type: "object" opaServerAuth: properties: @@ -793,6 +822,8 @@ spec: type: "string" serverAddr: type: "string" + required: + - "package" type: "object" passThroughAuth: properties: @@ -824,6 +855,8 @@ spec: type: "object" tlsConfig: type: "object" + required: + - "address" type: "object" http: properties: @@ -865,6 +898,8 @@ spec: type: "object" url: type: "string" + required: + - "url" type: "object" type: "object" pluginAuth: @@ -878,6 +913,8 @@ spec: type: "string" pluginFileName: type: "string" + required: + - "config" type: "object" type: "object" type: "array" @@ -891,6 +928,8 @@ spec: x-kubernetes-preserve-unknown-fields: true type: "object" type: "object" + required: + - "configs" type: "object" status: default: {} diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index 7a8153e94..e6ba1610f 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -385,6 +385,9 @@ spec: type: "object" hostRewrite: type: "string" + hostRewriteHeader: + nullable: true + type: "string" hostRewritePathRegex: properties: pattern: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index 8d3b47361..6945704db 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -495,6 +495,9 @@ spec: type: "object" hostRewrite: type: "string" + hostRewriteHeader: + nullable: true + type: "string" hostRewritePathRegex: properties: pattern: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 3dd7efc5b..47af867e6 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -3328,6 +3328,9 @@ spec: type: "object" hostRewrite: type: "string" + hostRewriteHeader: + nullable: true + type: "string" hostRewritePathRegex: properties: pattern: diff --git a/crd-catalog/validatedpatterns/patterns-operator/gitops.hybrid-cloud-patterns.io/v1alpha1/patterns.yaml b/crd-catalog/validatedpatterns/patterns-operator/gitops.hybrid-cloud-patterns.io/v1alpha1/patterns.yaml index 593e53991..9ef896c6b 100644 --- a/crd-catalog/validatedpatterns/patterns-operator/gitops.hybrid-cloud-patterns.io/v1alpha1/patterns.yaml +++ b/crd-catalog/validatedpatterns/patterns-operator/gitops.hybrid-cloud-patterns.io/v1alpha1/patterns.yaml @@ -77,11 +77,15 @@ spec: hostname: description: "Optional. FQDN of the git server if automatic parsing from TargetRepo is broken" type: "string" + inClusterGitServer: + default: false + description: "Enable in-cluster git server (avoids the need of forking the upstream repository)" + type: "boolean" originRepo: - description: "Upstream git repo containing the pattern to deploy. Used when in-cluster fork to point to the upstream pattern repository" + description: "Upstream git repo containing the pattern to deploy. Used when in-cluster fork to point to the upstream pattern repository.\nTakes precedence over TargetRepo" type: "string" originRevision: - description: "Branch, tag or commit in the upstream git repository. Does not support short-sha's. Default to HEAD" + description: "(DEPRECATED) Branch, tag or commit in the upstream git repository. Does not support short-sha's. Default to HEAD" type: "string" pollInterval: default: 180 @@ -99,8 +103,6 @@ spec: tokenSecretNamespace: description: "Optional. K8s secret namespace where the token for connecting to git can be found" type: "string" - required: - - "targetRepo" type: "object" multiSourceConfig: properties: diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs index 47f69a19e..3865faf51 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/clusters.rs @@ -358,6 +358,9 @@ pub struct ClusterComponentSpecs { /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, + /// Specifies Annotations to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, /// References the name of a ComponentDefinition object. /// The ComponentDefinition specifies the behavior and characteristics of the Component. /// If both `componentDefRef` and `componentDef` are provided, @@ -378,6 +381,7 @@ pub struct ClusterComponentSpecs { /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="componentDefRef is immutable" #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefRef")] pub component_def_ref: Option, + /// Specifies the configuration content of a config template. #[serde(default, skip_serializing_if = "Option::is_none")] pub configs: Option>, /// Determines whether metrics exporter information is annotated on the Component's headless Service. @@ -409,6 +413,10 @@ pub struct ClusterComponentSpecs { /// ``` #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] pub enabled_logs: Option>, + /// List of environment variables to add. + /// These environment variables will be placed after the environment variables declared in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, /// Allows for the customization of configuration values for each instance within a Component. /// An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). /// While instances typically share a common configuration as defined in the ClusterComponentSpec, @@ -438,6 +446,9 @@ pub struct ClusterComponentSpecs { /// Required when TLS is enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub issuer: Option, + /// Specifies Labels to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, /// Deprecated since v0.9 /// Determines whether metrics exporter information is annotated on the Component's headless Service. /// @@ -605,6 +616,9 @@ pub struct ClusterComponentSpecs { /// These templates are used to dynamically provision persistent volumes for the Component. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, + /// List of volumes to override. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// Specifies a group of affinity scheduling rules for the Component. @@ -770,6 +784,102 @@ pub struct ClusterComponentSpecsConfigsConfigMapItems { pub path: String, } +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// InstanceTemplate allows customization of individual replica configurations in a Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterComponentSpecsInstances { @@ -4822,661 +4932,764 @@ pub struct ClusterComponentSpecsVolumeClaimTemplatesSpecResourcesClaims { pub name: String, } -/// The configuration of network. -/// -/// -/// Deprecated since v0.9. -/// This field is maintained for backward compatibility and its use is discouraged. -/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterNetwork { - /// Indicates whether the host network can be accessed. By default, this is set to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkAccessible")] - pub host_network_accessible: Option, - /// Indicates whether the network is accessible to the public. By default, this is set to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "publiclyAccessible")] - pub publicly_accessible: Option, -} - -/// Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified, -/// this value will be ignored. -/// -/// -/// Deprecated since v0.9. -/// This field is maintained for backward compatibility and its use is discouraged. -/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterResources { - /// Specifies the amount of CPU resource the Cluster needs. - /// For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +pub struct ClusterComponentSpecsVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] - pub cpu: Option, - /// Specifies the amount of memory resource the Cluster needs. - /// For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] - pub memory: Option, -} - -/// Specifies the scheduling policy for the Cluster. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicy { - /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + pub cinder: Option, + /// configMap represents a configMap that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource - /// requirements. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// NodeSelector is a selector which must be true for the Pod to fit on a node. - /// Selector which must match a node's labels for the Pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// If specified, the Pod will be dispatched by specified scheduler. - /// If not specified, the Pod will be dispatched by default scheduler. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] - pub scheduler_name: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. - /// Each toleration in the array allows the Pod to tolerate node taints based on - /// specified `key`, `value`, `effect`, and `operator`. + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. /// /// - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - /// - The `operator` determines how the toleration matches the taint. + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). /// /// - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology - /// domains. Scheduler will schedule Pods in a way which abides by the constraints. - /// All topologySpreadConstraints are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] - pub topology_spread_constraints: Option>, -} - -/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinity { - /// Describes node affinity scheduling rules for the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] - pub node_affinity: Option, - /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] - pub pod_affinity: Option, - /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, -} - -/// Describes node affinity scheduling rules for the pod. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node matches the corresponding matchExpressions; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to an update), the system - /// may or may not try to eventually evict the pod from its node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option, -} - -/// An empty preferred scheduling term matches all objects with implicit weight 0 -/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// A node selector term, associated with the corresponding weight. - pub preference: ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, - /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - pub weight: i32, -} - -/// A node selector term, associated with the corresponding weight. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fc: Option, + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + #[serde(default, skip_serializing_if = "Option::is_none")] + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iscsi: Option, + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API + #[serde(default, skip_serializing_if = "Option::is_none")] + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// If the affinity requirements specified by this field are not met at -/// scheduling time, the pod will not be scheduled onto the node. -/// If the affinity requirements specified by this field cease to be met -/// at some point during pod execution (e.g. due to an update), the system -/// may or may not try to eventually evict the pod from its node. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// Required. A list of node selector terms. The terms are ORed. - #[serde(rename = "nodeSelectorTerms")] - pub node_selector_terms: Vec, +pub struct ClusterComponentSpecsVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, } -/// A null or empty node selector term matches no objects. The requirements of -/// them are ANDed. -/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, +pub struct ClusterComponentSpecsVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsVolumesCephfsSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub name: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterComponentSpecsVolumesCinder { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesCinderSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub name: Option, } -/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, +pub struct ClusterComponentSpecsVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, +pub struct ClusterComponentSpecsVolumesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, +pub struct ClusterComponentSpecsVolumesCsi { + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. + pub driver: String, + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] + pub node_publish_secret_ref: Option, + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] + pub volume_attributes: Option>, } -/// A label query over a set of resources, in this case pods. +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesCsiNodePublishSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterComponentSpecsVolumesDownwardApi { + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// Items is a list of downward API volume file #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub items: Option>, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterComponentSpecsVolumesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, } -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsVolumesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// A label query over a set of resources, in this case pods. +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterComponentSpecsVolumesEmptyDir { + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub medium: Option, + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesEphemeral { + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] + pub volume_claim_template: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplate { + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the anti-affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling anti-affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the anti-affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, -} - -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, + pub metadata: Option, + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. + pub spec: ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpec, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateMetadata { #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, -} - -/// A label query over a set of resources, in this case pods. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, -} - -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. + pub annotations: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub finalizers: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpec { + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// selector is a label query over volumes to consider for binding. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecDataSource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, } -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub namespace: Option, } -/// A label query over a set of resources, in this case pods. +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -5487,7 +5700,7 @@ pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulin /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { +pub struct ClusterComponentSpecsVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -5501,1498 +5714,4416 @@ pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulin pub values: Option>, } -/// The pod this Toleration is attached to tolerates any taint that matches -/// the triple using the matching operator . +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. - /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. - /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. +pub struct ClusterComponentSpecsVolumesFc { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. - /// Valid operators are Exists and Equal. Defaults to Equal. - /// Exists is equivalent to wildcard for value, so that a pod can - /// tolerate all taints of a particular category. + pub lun: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// targetWWNs is Optional: FC target worldwide names (WWNs) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] + pub target_ww_ns: Option>, + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be - /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - /// it is not set, which means tolerate the taint forever (do not evict). Zero and - /// negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. - /// If the operator is Exists, the value should be empty, otherwise just a regular string. + pub wwids: Option>, +} + +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesFlexVolume { + /// driver is the name of the driver to use for this volume. + pub driver: String, + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub options: Option>, + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, } -/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. - /// Pods that match this label selector are counted to determine the number of pods - /// in their corresponding topology domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which - /// spreading will be calculated. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are ANDed with labelSelector - /// to select the group of existing pods over which spreading will be calculated - /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// MatchLabelKeys cannot be set when LabelSelector isn't set. - /// Keys that don't exist in the incoming pod labels will - /// be ignored. A null or empty list means only match against labelSelector. - /// - /// - /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] - pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. - /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - /// between the number of matching pods in the target topology and the global minimum. - /// The global minimum is the minimum number of matching pods in an eligible domain - /// or zero if the number of eligible domains is less than MinDomains. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 2/2/1: - /// In this case, the global minimum is 1. - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P | - /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - /// violate MaxSkew(1). - /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - /// to topologies that satisfy it. - /// It's a required field. Default value is 1 and 0 is not allowed. - #[serde(rename = "maxSkew")] - pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. - /// When the number of eligible domains with matching topology keys is less than minDomains, - /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, - /// this value has no effect on scheduling. - /// As a result, when the number of eligible domains is less than minDomains, - /// scheduler won't schedule more than maxSkew Pods to those domains. - /// If value is nil, the constraint behaves as if MinDomains is equal to 1. - /// Valid values are integers greater than 0. - /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// - /// - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - /// labelSelector spread as 2/2/2: - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P P | - /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - /// In this situation, new pod with the same labelSelector cannot be scheduled, - /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - /// it will violate MaxSkew. - /// - /// - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] - pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - /// when calculating pod topology spread skew. Options are: - /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// - /// - /// If this value is nil, the behavior is equivalent to the Honor policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] - pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating - /// pod topology spread skew. Options are: - /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod - /// has a toleration, are included. - /// - Ignore: node taints are ignored. All nodes are included. - /// - /// - /// If this value is nil, the behavior is equivalent to the Ignore policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] - pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key - /// and identical values are considered to be in the same topology. - /// We consider each as a "bucket", and try to put balanced number - /// of pods into each bucket. - /// We define a domain as a particular instance of a topology. - /// Also, we define an eligible domain as a domain whose nodes meet the requirements of - /// nodeAffinityPolicy and nodeTaintsPolicy. - /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - /// It's a required field. - #[serde(rename = "topologyKey")] - pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - /// the spread constraint. - /// - DoNotSchedule (default) tells the scheduler not to schedule it. - /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, - /// but giving higher precedence to topologies that would help reduce the - /// skew. - /// A constraint is considered "Unsatisfiable" for an incoming pod - /// if and only if every possible node assignment for that pod would violate - /// "MaxSkew" on some topology. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 3/1/1: - /// | zone1 | zone2 | zone3 | - /// | P P P | P | P | - /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - /// won't make it *more* imbalanced. - /// It's a required field. - #[serde(rename = "whenUnsatisfiable")] - pub when_unsatisfiable: String, +pub struct ClusterComponentSpecsVolumesFlexVolumeSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// LabelSelector is used to find matching pods. -/// Pods that match this label selector are counted to determine the number of pods -/// in their corresponding topology domain. +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterComponentSpecsVolumesFlocker { + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] + pub dataset_name: Option, + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] + pub dataset_uuid: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterComponentSpecsVolumesGcePersistentDisk { + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub partition: Option, + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(rename = "pdName")] + pub pd_name: String, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it. -/// For example, external applications, or other Clusters. -/// And another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService -/// using the `serviceRef` field. -/// -/// -/// When a Component needs to access another Cluster's ClusterService using the `serviceRef` field, -/// it must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations` -/// section. +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServices { - /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. +pub struct ClusterComponentSpecsVolumesGitRepo { + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service. - /// Note that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentSelector")] - pub component_selector: Option, - /// Name defines the name of the service. - /// otherwise, it indicates the name of the service. - /// Others can refer to this service by its name. (e.g., connection credential) - /// Cannot be updated. - pub name: String, - /// Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service. - /// When `roleSelector` is set, it adds a label selector "kubeblocks.io/role: {roleSelector}" - /// to the `serviceSpec.selector`. - /// Example usage: - /// - /// - /// roleSelector: "leader" - /// + pub directory: Option, + /// repository is the URL + pub repository: String, + /// revision is the commit hash for the specified revision. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub revision: Option, +} + +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesGlusterfs { + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub endpoints: String, + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub path: String, + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesHostPath { + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + pub path: String, + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesIscsi { + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] + pub chap_auth_discovery: Option, + /// chapAuthSession defines whether support iSCSI Session CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] + pub chap_auth_session: Option, + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] + pub initiator_name: Option, + /// iqn is the target iSCSI Qualified Name. + pub iqn: String, + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] + pub iscsi_interface: Option, + /// lun represents iSCSI Target Lun number. + pub lun: i32, + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub portals: Option>, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(rename = "targetPortal")] + pub target_portal: String, +} + +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesIscsiSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesNfs { + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub path: String, + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub server: String, +} + +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesPersistentVolumeClaim { + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(rename = "claimName")] + pub claim_name: String, + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesPhotonPersistentDisk { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// pdID is the ID that identifies Photon Controller persistent disk + #[serde(rename = "pdID")] + pub pd_id: String, +} + +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesPortworxVolume { + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID uniquely identifies a Portworx volume + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// projected items for all in one resources secrets, configmaps, and downward API +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjected { + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// sources is the list of volume projections + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sources: Option>, +} + +/// Projection that may be projected along with other supported volume types +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSources { + /// configMap information about the configMap data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// downwardAPI information about the downwardAPI data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// secret information about the secret data to project + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// serviceAccountToken is information about the serviceAccountToken data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, +} + +/// configMap information about the configMap data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesConfigMap { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// downwardAPI information about the downwardAPI data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesDownwardApi { + /// Items is a list of DownwardAPIVolume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, +} + +/// DownwardAPIVolumeFile represents information to create the file containing the pod field +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, +} + +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// secret information about the secret data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesSecret { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional field specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// serviceAccountToken is information about the serviceAccountToken data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesProjectedSourcesServiceAccountToken { + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audience: Option, + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + /// path is the path relative to the mount point of the file to project the + /// token into. + pub path: String, +} + +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesQuobyte { + /// group to map volume access to + /// Default is no group + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes + pub registry: String, + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenant: Option, + /// user to map volume access to + /// Defaults to serivceaccount user + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, + /// volume is a string that references an already created Quobyte volume by name. + pub volume: String, +} + +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesRbd { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub image: String, + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub keyring: Option, + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub monitors: Vec, + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pool: Option, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesRbdSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesScaleIo { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// gateway is the host address of the ScaleIO API Gateway. + pub gateway: String, + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] + pub protection_domain: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. + #[serde(rename = "secretRef")] + pub secret_ref: ClusterComponentSpecsVolumesScaleIoSecretRef, + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] + pub ssl_enabled: Option, + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] + pub storage_mode: Option, + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] + pub storage_pool: Option, + /// system is the name of the storage system as configured in ScaleIO. + pub system: String, + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, +} + +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesScaleIoSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesSecret { + /// defaultMode is Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values + /// for mode bits. Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items If unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// optional field specify whether the Secret or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// secretName is the name of the secret in the pod's namespace to use. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesStorageos { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] + pub volume_namespace: Option, +} + +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesStorageosSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterComponentSpecsVolumesVsphereVolume { + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] + pub storage_policy_id: Option, + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] + pub storage_policy_name: Option, + /// volumePath is the path that identifies vSphere volume vmdk + #[serde(rename = "volumePath")] + pub volume_path: String, +} + +/// The configuration of network. +/// +/// +/// Deprecated since v0.9. +/// This field is maintained for backward compatibility and its use is discouraged. +/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterNetwork { + /// Indicates whether the host network can be accessed. By default, this is set to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetworkAccessible")] + pub host_network_accessible: Option, + /// Indicates whether the network is accessible to the public. By default, this is set to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "publiclyAccessible")] + pub publicly_accessible: Option, +} + +/// Specifies the resources of the first componentSpec, if the resources of the first componentSpec is specified, +/// this value will be ignored. +/// +/// +/// Deprecated since v0.9. +/// This field is maintained for backward compatibility and its use is discouraged. +/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterResources { + /// Specifies the amount of CPU resource the Cluster needs. + /// For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cpu: Option, + /// Specifies the amount of memory resource the Cluster needs. + /// For more information, refer to: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub memory: Option, +} + +/// Specifies the scheduling policy for the Cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, + /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource + /// requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. + /// Selector which must match a node's labels for the Pod to be scheduled on that node. + /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. + /// If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. + /// Each toleration in the array allows the Pod to tolerate node taints based on + /// specified `key`, `value`, `effect`, and `operator`. + /// + /// + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. + /// - The `operator` determines how the toleration matches the taint. + /// + /// + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology + /// domains. Scheduler will schedule Pods in a way which abides by the constraints. + /// All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which + /// spreading will be calculated. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are ANDed with labelSelector + /// to select the group of existing pods over which spreading will be calculated + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will + /// be ignored. A null or empty list means only match against labelSelector. + /// + /// + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// + /// + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. + /// + /// + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + /// when calculating pod topology spread skew. Options are: + /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// + /// + /// If this value is nil, the behavior is equivalent to the Honor policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating + /// pod topology spread skew. Options are: + /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod + /// has a toleration, are included. + /// - Ignore: node taints are ignored. All nodes are included. + /// + /// + /// If this value is nil, the behavior is equivalent to the Ignore policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes meet the requirements of + /// nodeAffinityPolicy and nodeTaintsPolicy. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ClusterService defines a service that is exposed externally, allowing entities outside the cluster to access it. +/// For example, external applications, or other Clusters. +/// And another Cluster managed by the same KubeBlocks operator can resolve the address exposed by a ClusterService +/// using the `serviceRef` field. +/// +/// +/// When a Component needs to access another Cluster's ClusterService using the `serviceRef` field, +/// it must also define the service type and version information in the `componentDefinition.spec.serviceRefDeclarations` +/// section. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServices { + /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Extends the ServiceSpec.Selector by allowing the specification of a component, to be used as a selector for the service. + /// Note that this and the `shardingSelector` are mutually exclusive and cannot be set simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentSelector")] + pub component_selector: Option, + /// Name defines the name of the service. + /// otherwise, it indicates the name of the service. + /// Others can refer to this service by its name. (e.g., connection credential) + /// Cannot be updated. + pub name: String, + /// Extends the above `serviceSpec.selector` by allowing you to specify defined role as selector for the service. + /// When `roleSelector` is set, it adds a label selector "kubeblocks.io/role: {roleSelector}" + /// to the `serviceSpec.selector`. + /// Example usage: + /// + /// + /// roleSelector: "leader" + /// + /// + /// In this example, setting `roleSelector` to "leader" will add a label selector + /// "kubeblocks.io/role: leader" to the `serviceSpec.selector`. + /// This means that the service will select and route traffic to Pods with the label + /// "kubeblocks.io/role" set to "leader". + /// + /// + /// Note that if `podService` sets to true, RoleSelector will be ignored. + /// The `podService` flag takes precedence over `roleSelector` and generates a service for each Pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleSelector")] + pub role_selector: Option, + /// ServiceName defines the name of the underlying service object. + /// If not specified, the default service name with different patterns will be used: + /// + /// + /// - CLUSTER_NAME: for cluster-level services + /// - CLUSTER_NAME-COMPONENT_NAME: for component-level services + /// + /// + /// Only one default service name is allowed. + /// Cannot be updated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] + pub service_name: Option, + /// Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in + /// `cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service. + /// Note that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "shardingSelector")] + pub sharding_selector: Option, + /// Spec defines the behavior of a service. + /// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Spec defines the behavior of a service. +/// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpec { + /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically + /// allocated for services with type LoadBalancer. Default is "true". It + /// may be set to "false" if the cluster load-balancer does not rely on + /// NodePorts. If the caller requests specific NodePorts (by specifying a + /// value), those requests will be respected, regardless of this field. + /// This field may only be set for services with type LoadBalancer and will + /// be cleared if the type is changed to any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] + pub allocate_load_balancer_node_ports: Option, + /// clusterIP is the IP address of the service and is usually assigned + /// randomly. If an address is specified manually, is in-range (as per + /// system configuration), and is not in use, it will be allocated to the + /// service; otherwise creation of the service will fail. This field may not + /// be changed through updates unless the type field is also being changed + /// to ExternalName (which requires this field to be blank) or the type + /// field is being changed from ExternalName (in which case this field may + /// optionally be specified, as describe above). Valid values are "None", + /// empty string (""), or a valid IP address. Setting this to "None" makes a + /// "headless service" (no virtual IP), which is useful when direct endpoint + /// connections are preferred and proxying is not required. Only applies to + /// types ClusterIP, NodePort, and LoadBalancer. If this field is specified + /// when creating a Service of type ExternalName, creation will fail. This + /// field will be wiped when updating a Service to type ExternalName. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] + pub cluster_ip: Option, + /// ClusterIPs is a list of IP addresses assigned to this service, and are + /// usually assigned randomly. If an address is specified manually, is + /// in-range (as per system configuration), and is not in use, it will be + /// allocated to the service; otherwise creation of the service will fail. + /// This field may not be changed through updates unless the type field is + /// also being changed to ExternalName (which requires this field to be + /// empty) or the type field is being changed from ExternalName (in which + /// case this field may optionally be specified, as describe above). Valid + /// values are "None", empty string (""), or a valid IP address. Setting + /// this to "None" makes a "headless service" (no virtual IP), which is + /// useful when direct endpoint connections are preferred and proxying is + /// not required. Only applies to types ClusterIP, NodePort, and + /// LoadBalancer. If this field is specified when creating a Service of type + /// ExternalName, creation will fail. This field will be wiped when updating + /// a Service to type ExternalName. If this field is not specified, it will + /// be initialized from the clusterIP field. If this field is specified, + /// clients must ensure that clusterIPs[0] and clusterIP have the same + /// value. + /// + /// + /// This field may hold a maximum of two entries (dual-stack IPs, in either order). + /// These IPs must correspond to the values of the ipFamilies field. Both + /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] + pub cluster_i_ps: Option>, + /// externalIPs is a list of IP addresses for which nodes in the cluster + /// will also accept traffic for this service. These IPs are not managed by + /// Kubernetes. The user is responsible for ensuring that traffic arrives + /// at a node with this IP. A common example is external load-balancers + /// that are not part of the Kubernetes system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] + pub external_i_ps: Option>, + /// externalName is the external reference that discovery mechanisms will + /// return as an alias for this service (e.g. a DNS CNAME record). No + /// proxying will be involved. Must be a lowercase RFC-1123 hostname + /// (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] + pub external_name: Option, + /// externalTrafficPolicy describes how nodes distribute service traffic they + /// receive on one of the Service's "externally-facing" addresses (NodePorts, + /// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + /// the service in a way that assumes that external load balancers will take care + /// of balancing the service traffic between nodes, and so each node will deliver + /// traffic only to the node-local endpoints of the service, without masquerading + /// the client source IP. (Traffic mistakenly sent to a node with no endpoints will + /// be dropped.) The default value, "Cluster", uses the standard behavior of + /// routing to all endpoints evenly (possibly modified by topology and other + /// features). Note that traffic sent to an External IP or LoadBalancer IP from + /// within the cluster will always get "Cluster" semantics, but clients sending to + /// a NodePort from within the cluster may need to take traffic policy into account + /// when picking a node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] + pub external_traffic_policy: Option, + /// healthCheckNodePort specifies the healthcheck nodePort for the service. + /// This only applies when type is set to LoadBalancer and + /// externalTrafficPolicy is set to Local. If a value is specified, is + /// in-range, and is not in use, it will be used. If not specified, a value + /// will be automatically allocated. External systems (e.g. load-balancers) + /// can use this port to determine if a given node holds endpoints for this + /// service or not. If this field is specified when creating a Service + /// which does not need it, creation will fail. This field will be wiped + /// when updating a Service to no longer need it (e.g. changing type). + /// This field cannot be updated once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] + pub health_check_node_port: Option, + /// InternalTrafficPolicy describes how nodes distribute service traffic they + /// receive on the ClusterIP. If set to "Local", the proxy will assume that pods + /// only want to talk to endpoints of the service on the same node as the pod, + /// dropping the traffic if there are no local endpoints. The default value, + /// "Cluster", uses the standard behavior of routing to all endpoints evenly + /// (possibly modified by topology and other features). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] + pub internal_traffic_policy: Option, + /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + /// service. This field is usually assigned automatically based on cluster + /// configuration and the ipFamilyPolicy field. If this field is specified + /// manually, the requested family is available in the cluster, + /// and ipFamilyPolicy allows it, it will be used; otherwise creation of + /// the service will fail. This field is conditionally mutable: it allows + /// for adding or removing a secondary IP family, but it does not allow + /// changing the primary IP family of the Service. Valid values are "IPv4" + /// and "IPv6". This field only applies to Services of types ClusterIP, + /// NodePort, and LoadBalancer, and does apply to "headless" services. + /// This field will be wiped when updating a Service to type ExternalName. + /// + /// + /// This field may hold a maximum of two entries (dual-stack families, in + /// either order). These families must correspond to the values of the + /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are + /// governed by the ipFamilyPolicy field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] + pub ip_families: Option>, + /// IPFamilyPolicy represents the dual-stack-ness requested or required by + /// this Service. If there is no value provided, then this field will be set + /// to SingleStack. Services can be "SingleStack" (a single IP family), + /// "PreferDualStack" (two IP families on dual-stack configured clusters or + /// a single IP family on single-stack clusters), or "RequireDualStack" + /// (two IP families on dual-stack configured clusters, otherwise fail). The + /// ipFamilies and clusterIPs fields depend on the value of this field. This + /// field will be wiped when updating a service to type ExternalName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] + pub ip_family_policy: Option, + /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. + /// If specified, the value of this field must be a label-style identifier, with an optional prefix, + /// e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + /// This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + /// balancer implementation is used, today this is typically done through the cloud provider integration, + /// but should apply for any default implementation. If set, it is assumed that a load balancer + /// implementation is watching for Services with a matching class. Any default load balancer + /// implementation (e.g. cloud providers) should ignore Services that set this field. + /// This field can only be set when creating or updating a Service to type 'LoadBalancer'. + /// Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] + pub load_balancer_class: Option, + /// Only applies to Service Type: LoadBalancer. + /// This feature depends on whether the underlying cloud-provider supports specifying + /// the loadBalancerIP when a load balancer is created. + /// This field will be ignored if the cloud-provider does not support the feature. + /// Deprecated: This field was under-specified and its meaning varies across implementations. + /// Using it is non-portable and it may not support dual-stack. + /// Users are encouraged to use implementation-specific annotations when available. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] + pub load_balancer_ip: Option, + /// If specified and supported by the platform, this will restrict traffic through the cloud-provider + /// load-balancer will be restricted to the specified client IPs. This field will be ignored if the + /// cloud-provider does not support the feature." + /// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] + pub load_balancer_source_ranges: Option>, + /// The list of ports that are exposed by this service. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ports: Option>, + /// publishNotReadyAddresses indicates that any agent which deals with endpoints for this + /// Service should disregard any indications of ready/not-ready. + /// The primary use case for setting this field is for a StatefulSet's Headless Service to + /// propagate SRV DNS records for its Pods for the purpose of peer discovery. + /// The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + /// Services interpret this to mean that all endpoints are considered "ready" even if the + /// Pods themselves are not. Agents which consume only Kubernetes generated endpoints + /// through the Endpoints or EndpointSlice resources can safely assume this behavior. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "publishNotReadyAddresses")] + pub publish_not_ready_addresses: Option, + /// Route service traffic to pods with label keys and values matching this + /// selector. If empty or not present, the service is assumed to have an + /// external process managing its endpoints, which Kubernetes will not + /// modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + /// Ignored if type is ExternalName. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option>, + /// Supports "ClientIP" and "None". Used to maintain session affinity. + /// Enable client IP based session affinity. + /// Must be ClientIP or None. + /// Defaults to None. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] + pub session_affinity: Option, + /// sessionAffinityConfig contains the configurations of session affinity. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] + pub session_affinity_config: Option, + /// type determines how the Service is exposed. Defaults to ClusterIP. Valid + /// options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + /// "ClusterIP" allocates a cluster-internal IP address for load-balancing + /// to endpoints. Endpoints are determined by the selector or if that is not + /// specified, by manual construction of an Endpoints object or + /// EndpointSlice objects. If clusterIP is "None", no virtual IP is + /// allocated and the endpoints are published as a set of endpoints rather + /// than a virtual IP. + /// "NodePort" builds on ClusterIP and allocates a port on every node which + /// routes to the same endpoints as the clusterIP. + /// "LoadBalancer" builds on NodePort and creates an external load-balancer + /// (if supported in the current cloud) which routes to the same endpoints + /// as the clusterIP. + /// "ExternalName" aliases this service to the specified externalName. + /// Several other fields do not apply to ExternalName services. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// ServicePort contains information on service's port. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecPorts { + /// The application protocol for this port. + /// This is used as a hint for implementations to offer richer behavior for protocols that they understand. + /// This field follows standard Kubernetes label syntax. + /// Valid values are either: + /// + /// + /// * Un-prefixed protocol names - reserved for IANA standard service names (as per + /// RFC-6335 and https://www.iana.org/assignments/service-names). + /// + /// + /// * Kubernetes-defined prefixed names: + /// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + /// + /// + /// * Other protocols should use implementation-defined prefixed names such as + /// mycompany.com/my-custom-protocol. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] + pub app_protocol: Option, + /// The name of this port within the service. This must be a DNS_LABEL. + /// All ports within a ServiceSpec must have unique names. When considering + /// the endpoints for a Service, this must match the 'name' field in the + /// EndpointPort. + /// Optional if only one ServicePort is defined on this service. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The port on each node on which this service is exposed when type is + /// NodePort or LoadBalancer. Usually assigned by the system. If a value is + /// specified, in-range, and not in use it will be used, otherwise the + /// operation will fail. If not specified, a port will be allocated if this + /// Service requires one. If this field is specified when creating a + /// Service which does not need it, creation will fail. This field will be + /// wiped when updating a Service to no longer need it (e.g. changing type + /// from NodePort to ClusterIP). + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePort")] + pub node_port: Option, + /// The port that will be exposed by this service. + pub port: i32, + /// The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + /// Default is TCP. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocol: Option, + /// Number or name of the port to access on the pods targeted by the service. + /// Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + /// If this is a string, it will be looked up as a named port in the + /// target Pod's container ports. If this is not specified, the value + /// of the 'port' field is used (an identity map). + /// This field is ignored for services with clusterIP=None, and should be + /// omitted or set equal to the 'port' field. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] + pub target_port: Option, +} + +/// sessionAffinityConfig contains the configurations of session affinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecSessionAffinityConfig { + /// clientIP contains the configurations of Client IP based session affinity. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientIP")] + pub client_ip: Option, +} + +/// clientIP contains the configurations of Client IP based session affinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterServicesSpecSessionAffinityConfigClientIp { + /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. + /// The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + /// Default value is 10800(for 3 hours). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// ShardingSpec defines how KubeBlocks manage dynamic provisioned shards. +/// A typical design pattern for distributed databases is to distribute data across multiple shards, +/// with each shard consisting of multiple replicas. +/// Therefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components +/// using a template when shards are added. +/// When shards are removed, the corresponding Components are also deleted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecs { + /// Represents the common parent part of all shard names. + /// This identifier is included as part of the Service DNS name and must comply with IANA service naming rules. + /// It is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`. + /// ShardID is a random string that is appended to the Name to generate unique identifiers for each shard. + /// For example, if the sharding specification name is "my-shard" and the ShardID is "abc", the resulting Component name + /// would be "my-shard-abc". + /// + /// + /// Note that the name defined in Component template(`shardingSpec.template.name`) will be disregarded + /// when generating the Component names of the shards. The `shardingSpec.name` field takes precedence. + pub name: String, + /// Specifies the desired number of shards. + /// Users can declare the desired number of shards through this field. + /// KubeBlocks dynamically creates and deletes Components based on the difference + /// between the desired and actual number of shards. + /// KubeBlocks provides lifecycle management for sharding, including: + /// + /// + /// - Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases. + /// This allows for custom actions to be performed after a new shard is provisioned. + /// - Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases. + /// This enables custom cleanup or data migration tasks to be executed before a shard is terminated. + /// Resources and data associated with the corresponding Component will also be deleted. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub shards: Option, + /// The template for generating Components for shards, where each shard consists of one Component. + /// This field is of type ClusterComponentSpec, which encapsulates all the required details and + /// definitions for creating and managing the Components. + /// KubeBlocks uses this template to generate a set of identical Components or shards. + /// All the generated Components will have the same specifications and definitions as specified in the `template` field. + /// + /// + /// This allows for the creation of multiple Components with consistent configurations, + /// enabling sharding and distribution of workloads across Components. + pub template: ClusterShardingSpecsTemplate, +} + +/// The template for generating Components for shards, where each shard consists of one Component. +/// This field is of type ClusterComponentSpec, which encapsulates all the required details and +/// definitions for creating and managing the Components. +/// KubeBlocks uses this template to generate a set of identical Components or shards. +/// All the generated Components will have the same specifications and definitions as specified in the `template` field. +/// +/// +/// This allows for the creation of multiple Components with consistent configurations, +/// enabling sharding and distribution of workloads across Components. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplate { + /// Specifies a group of affinity scheduling rules for the Component. + /// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. + /// + /// + /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// Specifies Annotations to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// References the name of a ComponentDefinition object. + /// The ComponentDefinition specifies the behavior and characteristics of the Component. + /// If both `componentDefRef` and `componentDef` are provided, + /// the `componentDef` will take precedence over `componentDefRef`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDef")] + pub component_def: Option, + /// References a ClusterComponentDefinition defined in the `clusterDefinition.spec.componentDef` field. + /// Must comply with the IANA service naming rule. + /// + /// + /// Deprecated since v0.9, + /// because defining Components in `clusterDefinition.spec.componentDef` field has been deprecated. + /// This field is replaced by the `componentDef` field, use `componentDef` instead. + /// This field is maintained for backward compatibility and its use is discouraged. + /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + /// + /// + /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="componentDefRef is immutable" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefRef")] + pub component_def_ref: Option, + /// Specifies the configuration content of a config template. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub configs: Option>, + /// Determines whether metrics exporter information is annotated on the Component's headless Service. + /// + /// + /// If set to true, the following annotations will not be patched into the Service: + /// + /// + /// - "monitor.kubeblocks.io/path" + /// - "monitor.kubeblocks.io/port" + /// - "monitor.kubeblocks.io/scheme" + /// + /// + /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableExporter")] + pub disable_exporter: Option, + /// Specifies which types of logs should be collected for the Component. + /// The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. + /// + /// + /// The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. + /// For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with + /// names "slow_query_log" and "error_log", + /// you can enable the collection of these logs by including their names in the `enabledLogs` array: + /// ```yaml + /// enabledLogs: + /// - slow_query_log + /// - error_log + /// ``` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] + pub enabled_logs: Option>, + /// List of environment variables to add. + /// These environment variables will be placed after the environment variables declared in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Allows for the customization of configuration values for each instance within a Component. + /// An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). + /// While instances typically share a common configuration as defined in the ClusterComponentSpec, + /// they can require unique settings in various scenarios: + /// + /// + /// For example: + /// - A database Component might require different resource allocations for primary and secondary instances, + /// with primaries needing more resources. + /// - During a rolling upgrade, a Component may first update the image for one or a few instances, + /// and then update the remaining instances after verifying that the updated instances are functioning correctly. + /// + /// + /// InstanceTemplate allows for specifying these unique configurations per instance. + /// Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), + /// starting with an ordinal of 0. + /// It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. + /// + /// + /// The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. + /// Any remaining replicas will be generated using the default template and will follow the default naming rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instances: Option>, + /// Specifies the configuration for the TLS certificates issuer. + /// It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. + /// The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. + /// Required when TLS is enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub issuer: Option, + /// Specifies Labels to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Deprecated since v0.9 + /// Determines whether metrics exporter information is annotated on the Component's headless Service. + /// + /// + /// If set to true, the following annotations will be patched into the Service: + /// + /// + /// - "monitor.kubeblocks.io/path" + /// - "monitor.kubeblocks.io/port" + /// - "monitor.kubeblocks.io/scheme" + /// + /// + /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub monitor: Option, + /// Specifies the Component's name. + /// It's part of the Service DNS name and must comply with the IANA service naming rule. + /// The name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`), + /// but required otherwise. + /// + /// + /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="name is immutable" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specifies the names of instances to be transitioned to offline status. + /// + /// + /// Marking an instance as offline results in the following: + /// + /// + /// 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential + /// future reuse or data recovery, but it is no longer actively used. + /// 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique + /// and avoiding conflicts with new instances. + /// + /// + /// Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining + /// ordinal consistency within the Cluster. + /// Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. + /// The administrator must manually manage the cleanup and removal of these resources when they are no longer needed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstances")] + pub offline_instances: Option>, + /// Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing. + pub replicas: i32, + /// Specifies the resources required by the Component. + /// It allows defining the CPU, memory requirements and limits for the Component's containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, + /// Specifies the name of the ServiceAccount required by the running Component. + /// This ServiceAccount is used to grant necessary permissions for the Component's Pods to interact + /// with other Kubernetes resources, such as modifying Pod labels or sending events. + /// + /// + /// Defaults: + /// If not specified, KubeBlocks automatically assigns a default ServiceAccount named "kb-{cluster.name}", + /// bound to a default role installed together with KubeBlocks. + /// + /// + /// Future Changes: + /// Future versions might change the default ServiceAccount creation strategy to one per Component, + /// potentially revising the naming to "kb-{cluster.name}-{component.name}". + /// + /// + /// Users can override the automatic ServiceAccount assignment by explicitly setting the name of + /// an existed ServiceAccount in this field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] + pub service_account_name: Option, + /// Defines a list of ServiceRef for a Component, enabling access to both external services and + /// Services provided by other Clusters. + /// + /// + /// Types of services: + /// + /// + /// - External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator; + /// Require a ServiceDescriptor for connection details. + /// - Services provided by a Cluster: Managed by the same KubeBlocks operator; + /// identified using Cluster, Component and Service names. + /// + /// + /// ServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same. + /// + /// + /// Example: + /// ```yaml + /// serviceRefs: + /// - name: "redis-sentinel" + /// serviceDescriptor: + /// name: "external-redis-sentinel" + /// - name: "postgres-cluster" + /// clusterServiceSelector: + /// cluster: "my-postgres-cluster" + /// service: + /// component: "postgresql" + /// ``` + /// The example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceRefs")] + pub service_refs: Option>, + /// ServiceVersion specifies the version of the Service expected to be provisioned by this Component. + /// The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). + /// If no version is specified, the latest available version will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] + pub service_version: Option, + /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub services: Option>, + /// Defines the strategy for switchover and failover when workloadType is Replication. + /// + /// + /// Deprecated since v0.9. + /// This field is maintained for backward compatibility and its use is discouraged. + /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "switchPolicy")] + pub switch_policy: Option, + /// Overrides system accounts defined in referenced ComponentDefinition. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] + pub system_accounts: Option>, + /// A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) + /// for secure communication. + /// When set to true, the Component will be configured to use TLS encryption for its network connections. + /// This ensures that the data transmitted between the Component and its clients or other Components is encrypted + /// and protected from unauthorized access. + /// If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, + /// to properly set up the secure communication channel. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. + /// Each toleration in the array allows the Pod to tolerate node taints based on + /// specified `key`, `value`, `effect`, and `operator`. + /// + /// + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. + /// - The `operator` determines how the toleration matches the taint. + /// + /// + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + /// + /// + /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// Defines the update strategy for the Component. + /// + /// + /// Deprecated since v0.9. + /// This field is maintained for backward compatibility and its use is discouraged. + /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] + pub update_strategy: Option, + /// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes + /// in the Cluster's Pods. + /// This is useful in scenarios where users need to provide additional resources to the Cluster, such as: + /// + /// + /// - Mounting custom scripts or configuration files during Cluster startup. + /// - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userResourceRefs")] + pub user_resource_refs: Option, + /// Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component. + /// Each template specifies the desired characteristics of a persistent volume, such as storage class, + /// size, and access modes. + /// These templates are used to dynamically provision persistent volumes for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] + pub volume_claim_templates: Option>, + /// List of volumes to override. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, +} + +/// Specifies a group of affinity scheduling rules for the Component. +/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// +/// +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateAffinity { + /// Indicates the node labels that must be present on nodes for pods to be scheduled on them. + /// It is a map where the keys are the label keys and the values are the corresponding label values. + /// Pods will only be scheduled on nodes that have all the specified labels with the corresponding values. + /// + /// + /// For example, if NodeLabels is set to {"nodeType": "ssd", "environment": "production"}, + /// pods will only be scheduled on nodes that have both the "nodeType" label with value "ssd" + /// and the "environment" label with value "production". + /// + /// + /// This field allows users to control Pod placement based on specific node labels. + /// It can be used to ensure that Pods are scheduled on nodes with certain characteristics, + /// such as specific hardware (e.g., SSD), environment (e.g., production, staging), + /// or any other custom labels assigned to nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeLabels")] + pub node_labels: Option>, + /// Specifies the anti-affinity level of Pods within a Component. + /// It determines how pods should be spread across nodes to improve availability and performance. + /// It can have the following values: `Preferred` and `Required`. + /// The default value is `Preferred`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, + /// Determines the level of resource isolation between Pods. + /// It can have the following values: `SharedNode` and `DedicatedNode`. + /// + /// + /// - SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s. + /// - DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node. + /// In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node. + /// Which provides a higher level of isolation and resource guarantee for Pods. + /// + /// + /// The default value is `SharedNode`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenancy: Option, + /// Represents the key of node labels used to define the topology domain for Pod anti-affinity + /// and Pod spread constraints. + /// + /// + /// In K8s, a topology domain is a set of nodes that have the same value for a specific label key. + /// Nodes with labels containing any of the specified TopologyKeys and identical values are considered + /// to be in the same topology domain. + /// + /// + /// Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of + /// topology in the ClusterDefinition. + /// + /// + /// When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the + /// Pod on nodes with different values for the specified TopologyKeys. + /// This ensures that Pods are spread across different topology domains, promoting high availability and + /// reducing the impact of node failures. + /// + /// + /// Some well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`, + /// are often used as TopologyKey. + /// These keys represent the hostname and zone of a node, respectively. + /// By including these keys in the TopologyKeys list, Pods will be spread across nodes with + /// different hostnames or zones. + /// + /// + /// In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. + /// This allows for more flexible and custom topology definitions based on the specific needs + /// of the application or environment. + /// + /// + /// The TopologyKeys field is a slice of strings, where each string represents a label key. + /// The order of the keys in the slice does not matter. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologyKeys")] + pub topology_keys: Option>, +} + +/// Specifies a group of affinity scheduling rules for the Component. +/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// +/// +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateAffinityPodAntiAffinity { + Preferred, + Required, +} + +/// Specifies a group of affinity scheduling rules for the Component. +/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. +/// +/// +/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateAffinityTenancy { + SharedNode, + DedicatedNode, +} + +/// ClusterComponentConfig represents a config with its source bound. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigs { + /// ConfigMap source for the config. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// The name of the config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// ConfigMap source for the config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigsConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateConfigsConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// InstanceTemplate allows customization of individual replica configurations in a Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstances { + /// Specifies a map of key-value pairs to be merged into the Pod's existing annotations. + /// Existing keys will have their values overwritten, while new keys will be added to the annotations. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Defines Env to override. + /// Add new or override existing envs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// Specifies an override for the first container's image in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Specifies a map of key-value pairs that will be merged into the Pod's existing labels. + /// Values for existing keys will be overwritten, and new keys will be added. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. + /// This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal + /// using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. + /// The specified name overrides any default naming conventions or patterns. + pub name: String, + /// Specifies the number of instances (Pods) to create from this InstanceTemplate. + /// This field allows setting how many replicated instances of the Component, + /// with the specific overrides in the InstanceTemplate, are created. + /// The default value is 1. A value of 0 disables instance creation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replicas: Option, + /// Specifies an override for the resource requirements of the first container in the Pod. + /// This field allows for customizing resource allocation (CPU, memory, etc.) for the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// Specifies the scheduling policy for the Component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] + pub scheduling_policy: Option, + /// Defines VolumeClaimTemplates to override. + /// Add new or override existing volume claim templates. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] + pub volume_claim_templates: Option>, + /// Defines VolumeMounts to override. + /// Add new or override existing volume mounts of the first container in the Pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] + pub volume_mounts: Option>, + /// Defines Volumes to override. + /// Add new or override existing volumes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Specifies an override for the resource requirements of the first container in the Pod. +/// This field allows for customizing resource allocation (CPU, memory, etc.) for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. /// - /// In this example, setting `roleSelector` to "leader" will add a label selector - /// "kubeblocks.io/role: leader" to the `serviceSpec.selector`. - /// This means that the service will select and route traffic to Pods with the label - /// "kubeblocks.io/role" set to "leader". /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. /// - /// Note that if `podService` sets to true, RoleSelector will be ignored. - /// The `podService` flag takes precedence over `roleSelector` and generates a service for each Pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "roleSelector")] - pub role_selector: Option, - /// ServiceName defines the name of the underlying service object. - /// If not specified, the default service name with different patterns will be used: + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, + /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource + /// requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. + /// Selector which must match a node's labels for the Pod to be scheduled on that node. + /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. + /// If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. + /// Each toleration in the array allows the Pod to tolerate node taints based on + /// specified `key`, `value`, `effect`, and `operator`. /// /// - /// - CLUSTER_NAME: for cluster-level services - /// - CLUSTER_NAME-COMPONENT_NAME: for component-level services + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. + /// - The `operator` determines how the toleration matches the taint. /// /// - /// Only one default service name is allowed. - /// Cannot be updated. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] - pub service_name: Option, - /// Extends the ServiceSpec.Selector by allowing the specification of a sharding name, which is defined in - /// `cluster.spec.shardingSpecs[*].name`, to be used as a selector for the service. - /// Note that this and the `componentSelector` are mutually exclusive and cannot be set simultaneously. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "shardingSelector")] - pub sharding_selector: Option, - /// Spec defines the behavior of a service. - /// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology + /// domains. Scheduler will schedule Pods in a way which abides by the constraints. + /// All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, + pub values: Option>, } -/// Spec defines the behavior of a service. -/// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpec { - /// allocateLoadBalancerNodePorts defines if NodePorts will be automatically - /// allocated for services with type LoadBalancer. Default is "true". It - /// may be set to "false" if the cluster load-balancer does not rely on - /// NodePorts. If the caller requests specific NodePorts (by specifying a - /// value), those requests will be respected, regardless of this field. - /// This field may only be set for services with type LoadBalancer and will - /// be cleared if the type is changed to any other type. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocateLoadBalancerNodePorts")] - pub allocate_load_balancer_node_ports: Option, - /// clusterIP is the IP address of the service and is usually assigned - /// randomly. If an address is specified manually, is in-range (as per - /// system configuration), and is not in use, it will be allocated to the - /// service; otherwise creation of the service will fail. This field may not - /// be changed through updates unless the type field is also being changed - /// to ExternalName (which requires this field to be blank) or the type - /// field is being changed from ExternalName (in which case this field may - /// optionally be specified, as describe above). Valid values are "None", - /// empty string (""), or a valid IP address. Setting this to "None" makes a - /// "headless service" (no virtual IP), which is useful when direct endpoint - /// connections are preferred and proxying is not required. Only applies to - /// types ClusterIP, NodePort, and LoadBalancer. If this field is specified - /// when creating a Service of type ExternalName, creation will fail. This - /// field will be wiped when updating a Service to type ExternalName. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIP")] - pub cluster_ip: Option, - /// ClusterIPs is a list of IP addresses assigned to this service, and are - /// usually assigned randomly. If an address is specified manually, is - /// in-range (as per system configuration), and is not in use, it will be - /// allocated to the service; otherwise creation of the service will fail. - /// This field may not be changed through updates unless the type field is - /// also being changed to ExternalName (which requires this field to be - /// empty) or the type field is being changed from ExternalName (in which - /// case this field may optionally be specified, as describe above). Valid - /// values are "None", empty string (""), or a valid IP address. Setting - /// this to "None" makes a "headless service" (no virtual IP), which is - /// useful when direct endpoint connections are preferred and proxying is - /// not required. Only applies to types ClusterIP, NodePort, and - /// LoadBalancer. If this field is specified when creating a Service of type - /// ExternalName, creation will fail. This field will be wiped when updating - /// a Service to type ExternalName. If this field is not specified, it will - /// be initialized from the clusterIP field. If this field is specified, - /// clients must ensure that clusterIPs[0] and clusterIP have the same - /// value. - /// - /// - /// This field may hold a maximum of two entries (dual-stack IPs, in either order). - /// These IPs must correspond to the values of the ipFamilies field. Both - /// clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterIPs")] - pub cluster_i_ps: Option>, - /// externalIPs is a list of IP addresses for which nodes in the cluster - /// will also accept traffic for this service. These IPs are not managed by - /// Kubernetes. The user is responsible for ensuring that traffic arrives - /// at a node with this IP. A common example is external load-balancers - /// that are not part of the Kubernetes system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalIPs")] - pub external_i_ps: Option>, - /// externalName is the external reference that discovery mechanisms will - /// return as an alias for this service (e.g. a DNS CNAME record). No - /// proxying will be involved. Must be a lowercase RFC-1123 hostname - /// (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalName")] - pub external_name: Option, - /// externalTrafficPolicy describes how nodes distribute service traffic they - /// receive on one of the Service's "externally-facing" addresses (NodePorts, - /// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - /// the service in a way that assumes that external load balancers will take care - /// of balancing the service traffic between nodes, and so each node will deliver - /// traffic only to the node-local endpoints of the service, without masquerading - /// the client source IP. (Traffic mistakenly sent to a node with no endpoints will - /// be dropped.) The default value, "Cluster", uses the standard behavior of - /// routing to all endpoints evenly (possibly modified by topology and other - /// features). Note that traffic sent to an External IP or LoadBalancer IP from - /// within the cluster will always get "Cluster" semantics, but clients sending to - /// a NodePort from within the cluster may need to take traffic policy into account - /// when picking a node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalTrafficPolicy")] - pub external_traffic_policy: Option, - /// healthCheckNodePort specifies the healthcheck nodePort for the service. - /// This only applies when type is set to LoadBalancer and - /// externalTrafficPolicy is set to Local. If a value is specified, is - /// in-range, and is not in use, it will be used. If not specified, a value - /// will be automatically allocated. External systems (e.g. load-balancers) - /// can use this port to determine if a given node holds endpoints for this - /// service or not. If this field is specified when creating a Service - /// which does not need it, creation will fail. This field will be wiped - /// when updating a Service to no longer need it (e.g. changing type). - /// This field cannot be updated once set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthCheckNodePort")] - pub health_check_node_port: Option, - /// InternalTrafficPolicy describes how nodes distribute service traffic they - /// receive on the ClusterIP. If set to "Local", the proxy will assume that pods - /// only want to talk to endpoints of the service on the same node as the pod, - /// dropping the traffic if there are no local endpoints. The default value, - /// "Cluster", uses the standard behavior of routing to all endpoints evenly - /// (possibly modified by topology and other features). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalTrafficPolicy")] - pub internal_traffic_policy: Option, - /// IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - /// service. This field is usually assigned automatically based on cluster - /// configuration and the ipFamilyPolicy field. If this field is specified - /// manually, the requested family is available in the cluster, - /// and ipFamilyPolicy allows it, it will be used; otherwise creation of - /// the service will fail. This field is conditionally mutable: it allows - /// for adding or removing a secondary IP family, but it does not allow - /// changing the primary IP family of the Service. Valid values are "IPv4" - /// and "IPv6". This field only applies to Services of types ClusterIP, - /// NodePort, and LoadBalancer, and does apply to "headless" services. - /// This field will be wiped when updating a Service to type ExternalName. - /// - /// - /// This field may hold a maximum of two entries (dual-stack families, in - /// either order). These families must correspond to the values of the - /// clusterIPs field, if specified. Both clusterIPs and ipFamilies are - /// governed by the ipFamilyPolicy field. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilies")] - pub ip_families: Option>, - /// IPFamilyPolicy represents the dual-stack-ness requested or required by - /// this Service. If there is no value provided, then this field will be set - /// to SingleStack. Services can be "SingleStack" (a single IP family), - /// "PreferDualStack" (two IP families on dual-stack configured clusters or - /// a single IP family on single-stack clusters), or "RequireDualStack" - /// (two IP families on dual-stack configured clusters, otherwise fail). The - /// ipFamilies and clusterIPs fields depend on the value of this field. This - /// field will be wiped when updating a service to type ExternalName. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "ipFamilyPolicy")] - pub ip_family_policy: Option, - /// loadBalancerClass is the class of the load balancer implementation this Service belongs to. - /// If specified, the value of this field must be a label-style identifier, with an optional prefix, - /// e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - /// This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - /// balancer implementation is used, today this is typically done through the cloud provider integration, - /// but should apply for any default implementation. If set, it is assumed that a load balancer - /// implementation is watching for Services with a matching class. Any default load balancer - /// implementation (e.g. cloud providers) should ignore Services that set this field. - /// This field can only be set when creating or updating a Service to type 'LoadBalancer'. - /// Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerClass")] - pub load_balancer_class: Option, - /// Only applies to Service Type: LoadBalancer. - /// This feature depends on whether the underlying cloud-provider supports specifying - /// the loadBalancerIP when a load balancer is created. - /// This field will be ignored if the cloud-provider does not support the feature. - /// Deprecated: This field was under-specified and its meaning varies across implementations. - /// Using it is non-portable and it may not support dual-stack. - /// Users are encouraged to use implementation-specific annotations when available. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerIP")] - pub load_balancer_ip: Option, - /// If specified and supported by the platform, this will restrict traffic through the cloud-provider - /// load-balancer will be restricted to the specified client IPs. This field will be ignored if the - /// cloud-provider does not support the feature." - /// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "loadBalancerSourceRanges")] - pub load_balancer_source_ranges: Option>, - /// The list of ports that are exposed by this service. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub ports: Option>, - /// publishNotReadyAddresses indicates that any agent which deals with endpoints for this - /// Service should disregard any indications of ready/not-ready. - /// The primary use case for setting this field is for a StatefulSet's Headless Service to - /// propagate SRV DNS records for its Pods for the purpose of peer discovery. - /// The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - /// Services interpret this to mean that all endpoints are considered "ready" even if the - /// Pods themselves are not. Agents which consume only Kubernetes generated endpoints - /// through the Endpoints or EndpointSlice resources can safely assume this behavior. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "publishNotReadyAddresses")] - pub publish_not_ready_addresses: Option, - /// Route service traffic to pods with label keys and values matching this - /// selector. If empty or not present, the service is assumed to have an - /// external process managing its endpoints, which Kubernetes will not - /// modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - /// Ignored if type is ExternalName. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/ + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option>, - /// Supports "ClientIP" and "None". Used to maintain session affinity. - /// Enable client IP based session affinity. - /// Must be ClientIP or None. - /// Defaults to None. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinity")] - pub session_affinity: Option, - /// sessionAffinityConfig contains the configurations of session affinity. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sessionAffinityConfig")] - pub session_affinity_config: Option, - /// type determines how the Service is exposed. Defaults to ClusterIP. Valid - /// options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - /// "ClusterIP" allocates a cluster-internal IP address for load-balancing - /// to endpoints. Endpoints are determined by the selector or if that is not - /// specified, by manual construction of an Endpoints object or - /// EndpointSlice objects. If clusterIP is "None", no virtual IP is - /// allocated and the endpoints are published as a set of endpoints rather - /// than a virtual IP. - /// "NodePort" builds on ClusterIP and allocates a port on every node which - /// routes to the same endpoints as the clusterIP. - /// "LoadBalancer" builds on NodePort and creates an external load-balancer - /// (if supported in the current cloud) which routes to the same endpoints - /// as the clusterIP. - /// "ExternalName" aliases this service to the specified externalName. - /// Several other fields do not apply to ExternalName services. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// ServicePort contains information on service's port. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecPorts { - /// The application protocol for this port. - /// This is used as a hint for implementations to offer richer behavior for protocols that they understand. - /// This field follows standard Kubernetes label syntax. - /// Valid values are either: - /// - /// - /// * Un-prefixed protocol names - reserved for IANA standard service names (as per - /// RFC-6335 and https://www.iana.org/assignments/service-names). - /// - /// - /// * Kubernetes-defined prefixed names: - /// * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - /// * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - /// * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - /// - /// - /// * Other protocols should use implementation-defined prefixed names such as - /// mycompany.com/my-custom-protocol. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "appProtocol")] - pub app_protocol: Option, - /// The name of this port within the service. This must be a DNS_LABEL. - /// All ports within a ServiceSpec must have unique names. When considering - /// the endpoints for a Service, this must match the 'name' field in the - /// EndpointPort. - /// Optional if only one ServicePort is defined on this service. +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// The port on each node on which this service is exposed when type is - /// NodePort or LoadBalancer. Usually assigned by the system. If a value is - /// specified, in-range, and not in use it will be used, otherwise the - /// operation will fail. If not specified, a port will be allocated if this - /// Service requires one. If this field is specified when creating a - /// Service which does not need it, creation will fail. This field will be - /// wiped when updating a Service to no longer need it (e.g. changing type - /// from NodePort to ClusterIP). - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePort")] - pub node_port: Option, - /// The port that will be exposed by this service. - pub port: i32, - /// The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - /// Default is TCP. + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub protocol: Option, - /// Number or name of the port to access on the pods targeted by the service. - /// Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - /// If this is a string, it will be looked up as a named port in the - /// target Pod's container ports. If this is not specified, the value - /// of the 'port' field is used (an identity map). - /// This field is ignored for services with clusterIP=None, and should be - /// omitted or set equal to the 'port' field. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] - pub target_port: Option, + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// sessionAffinityConfig contains the configurations of session affinity. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecSessionAffinityConfig { - /// clientIP contains the configurations of Client IP based session affinity. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientIP")] - pub client_ip: Option, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// clientIP contains the configurations of Client IP based session affinity. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterServicesSpecSessionAffinityConfigClientIp { - /// timeoutSeconds specifies the seconds of ClientIP type session sticky time. - /// The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - /// Default value is 10800(for 3 hours). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] - pub timeout_seconds: Option, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// ShardingSpec defines how KubeBlocks manage dynamic provisioned shards. -/// A typical design pattern for distributed databases is to distribute data across multiple shards, -/// with each shard consisting of multiple replicas. -/// Therefore, KubeBlocks supports representing a shard with a Component and dynamically instantiating Components -/// using a template when shards are added. -/// When shards are removed, the corresponding Components are also deleted. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecs { - /// Represents the common parent part of all shard names. - /// This identifier is included as part of the Service DNS name and must comply with IANA service naming rules. - /// It is used to generate the names of underlying Components following the pattern `$(shardingSpec.name)-$(ShardID)`. - /// ShardID is a random string that is appended to the Name to generate unique identifiers for each shard. - /// For example, if the sharding specification name is "my-shard" and the ShardID is "abc", the resulting Component name - /// would be "my-shard-abc". - /// - /// - /// Note that the name defined in Component template(`shardingSpec.template.name`) will be disregarded - /// when generating the Component names of the shards. The `shardingSpec.name` field takes precedence. - pub name: String, - /// Specifies the desired number of shards. - /// Users can declare the desired number of shards through this field. - /// KubeBlocks dynamically creates and deletes Components based on the difference - /// between the desired and actual number of shards. - /// KubeBlocks provides lifecycle management for sharding, including: - /// - /// - /// - Executing the postProvision Action defined in the ComponentDefinition when the number of shards increases. - /// This allows for custom actions to be performed after a new shard is provisioned. - /// - Executing the preTerminate Action defined in the ComponentDefinition when the number of shards decreases. - /// This enables custom cleanup or data migration tasks to be executed before a shard is terminated. - /// Resources and data associated with the corresponding Component will also be deleted. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub shards: Option, - /// The template for generating Components for shards, where each shard consists of one Component. - /// This field is of type ClusterComponentSpec, which encapsulates all the required details and - /// definitions for creating and managing the Components. - /// KubeBlocks uses this template to generate a set of identical Components or shards. - /// All the generated Components will have the same specifications and definitions as specified in the `template` field. - /// - /// - /// This allows for the creation of multiple Components with consistent configurations, - /// enabling sharding and distribution of workloads across Components. - pub template: ClusterShardingSpecsTemplate, +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// The template for generating Components for shards, where each shard consists of one Component. -/// This field is of type ClusterComponentSpec, which encapsulates all the required details and -/// definitions for creating and managing the Components. -/// KubeBlocks uses this template to generate a set of identical Components or shards. -/// All the generated Components will have the same specifications and definitions as specified in the `template` field. -/// -/// -/// This allows for the creation of multiple Components with consistent configurations, -/// enabling sharding and distribution of workloads across Components. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplate { - /// Specifies a group of affinity scheduling rules for the Component. - /// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. - /// - /// - /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// References the name of a ComponentDefinition object. - /// The ComponentDefinition specifies the behavior and characteristics of the Component. - /// If both `componentDefRef` and `componentDef` are provided, - /// the `componentDef` will take precedence over `componentDefRef`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDef")] - pub component_def: Option, - /// References a ClusterComponentDefinition defined in the `clusterDefinition.spec.componentDef` field. - /// Must comply with the IANA service naming rule. - /// - /// - /// Deprecated since v0.9, - /// because defining Components in `clusterDefinition.spec.componentDef` field has been deprecated. - /// This field is replaced by the `componentDef` field, use `componentDef` instead. - /// This field is maintained for backward compatibility and its use is discouraged. - /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - /// - /// - /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="componentDefRef is immutable" - #[serde(default, skip_serializing_if = "Option::is_none", rename = "componentDefRef")] - pub component_def_ref: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub configs: Option>, - /// Determines whether metrics exporter information is annotated on the Component's headless Service. - /// - /// - /// If set to true, the following annotations will not be patched into the Service: - /// - /// - /// - "monitor.kubeblocks.io/path" - /// - "monitor.kubeblocks.io/port" - /// - "monitor.kubeblocks.io/scheme" - /// - /// - /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableExporter")] - pub disable_exporter: Option, - /// Specifies which types of logs should be collected for the Component. - /// The log types are defined in the `componentDefinition.spec.logConfigs` field with the LogConfig entries. - /// - /// - /// The elements in the `enabledLogs` array correspond to the names of the LogConfig entries. - /// For example, if the `componentDefinition.spec.logConfigs` defines LogConfig entries with - /// names "slow_query_log" and "error_log", - /// you can enable the collection of these logs by including their names in the `enabledLogs` array: - /// ```yaml - /// enabledLogs: - /// - slow_query_log - /// - error_log - /// ``` - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] - pub enabled_logs: Option>, - /// Allows for the customization of configuration values for each instance within a Component. - /// An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). - /// While instances typically share a common configuration as defined in the ClusterComponentSpec, - /// they can require unique settings in various scenarios: - /// - /// - /// For example: - /// - A database Component might require different resource allocations for primary and secondary instances, - /// with primaries needing more resources. - /// - During a rolling upgrade, a Component may first update the image for one or a few instances, - /// and then update the remaining instances after verifying that the updated instances are functioning correctly. - /// - /// - /// InstanceTemplate allows for specifying these unique configurations per instance. - /// Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), - /// starting with an ordinal of 0. - /// It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. - /// - /// - /// The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. - /// Any remaining replicas will be generated using the default template and will follow the default naming rules. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub instances: Option>, - /// Specifies the configuration for the TLS certificates issuer. - /// It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. - /// The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. - /// Required when TLS is enabled. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub issuer: Option, - /// Deprecated since v0.9 - /// Determines whether metrics exporter information is annotated on the Component's headless Service. - /// - /// - /// If set to true, the following annotations will be patched into the Service: - /// - /// - /// - "monitor.kubeblocks.io/path" - /// - "monitor.kubeblocks.io/port" - /// - "monitor.kubeblocks.io/scheme" - /// - /// - /// These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub monitor: Option, - /// Specifies the Component's name. - /// It's part of the Service DNS name and must comply with the IANA service naming rule. - /// The name is optional when ClusterComponentSpec is used as a template (e.g., in `shardingSpec`), - /// but required otherwise. - /// - /// - /// TODO +kubebuilder:validation:XValidation:rule="self == oldSelf",message="name is immutable" +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specifies the names of instances to be transitioned to offline status. - /// - /// - /// Marking an instance as offline results in the following: - /// - /// - /// 1. The associated Pod is stopped, and its PersistentVolumeClaim (PVC) is retained for potential - /// future reuse or data recovery, but it is no longer actively used. - /// 2. The ordinal number assigned to this instance is preserved, ensuring it remains unique - /// and avoiding conflicts with new instances. - /// - /// - /// Setting instances to offline allows for a controlled scale-in process, preserving their data and maintaining - /// ordinal consistency within the Cluster. - /// Note that offline instances and their associated resources, such as PVCs, are not automatically deleted. - /// The administrator must manually manage the cleanup and removal of these resources when they are no longer needed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "offlineInstances")] - pub offline_instances: Option>, - /// Specifies the desired number of replicas in the Component for enhancing availability and durability, or load balancing. - pub replicas: i32, - /// Specifies the resources required by the Component. - /// It allows defining the CPU, memory requirements and limits for the Component's containers. + pub values: Option>, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Specifies the scheduling policy for the Component. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] - pub scheduling_policy: Option, - /// Specifies the name of the ServiceAccount required by the running Component. - /// This ServiceAccount is used to grant necessary permissions for the Component's Pods to interact - /// with other Kubernetes resources, such as modifying Pod labels or sending events. - /// - /// - /// Defaults: - /// If not specified, KubeBlocks automatically assigns a default ServiceAccount named "kb-{cluster.name}", - /// bound to a default role installed together with KubeBlocks. - /// - /// - /// Future Changes: - /// Future versions might change the default ServiceAccount creation strategy to one per Component, - /// potentially revising the naming to "kb-{cluster.name}-{component.name}". - /// - /// - /// Users can override the automatic ServiceAccount assignment by explicitly setting the name of - /// an existed ServiceAccount in this field. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] - pub service_account_name: Option, - /// Defines a list of ServiceRef for a Component, enabling access to both external services and - /// Services provided by other Clusters. - /// - /// - /// Types of services: - /// - /// - /// - External services: Not managed by KubeBlocks or managed by a different KubeBlocks operator; - /// Require a ServiceDescriptor for connection details. - /// - Services provided by a Cluster: Managed by the same KubeBlocks operator; - /// identified using Cluster, Component and Service names. - /// - /// - /// ServiceRefs with identical `serviceRef.name` in the same Cluster are considered the same. - /// - /// - /// Example: - /// ```yaml - /// serviceRefs: - /// - name: "redis-sentinel" - /// serviceDescriptor: - /// name: "external-redis-sentinel" - /// - name: "postgres-cluster" - /// clusterServiceSelector: - /// cluster: "my-postgres-cluster" - /// service: - /// component: "postgresql" - /// ``` - /// The example above includes ServiceRefs to an external Redis Sentinel service and a PostgreSQL Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceRefs")] - pub service_refs: Option>, - /// ServiceVersion specifies the version of the Service expected to be provisioned by this Component. - /// The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). - /// If no version is specified, the latest available version will be used. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] - pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] - pub services: Option>, - /// Defines the strategy for switchover and failover when workloadType is Replication. - /// - /// - /// Deprecated since v0.9. - /// This field is maintained for backward compatibility and its use is discouraged. - /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "switchPolicy")] - pub switch_policy: Option, - /// Overrides system accounts defined in referenced ComponentDefinition. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] - pub system_accounts: Option>, - /// A boolean flag that indicates whether the Component should use Transport Layer Security (TLS) - /// for secure communication. - /// When set to true, the Component will be configured to use TLS encryption for its network connections. - /// This ensures that the data transmitted between the Component and its clients or other Components is encrypted - /// and protected from unauthorized access. - /// If TLS is enabled, the Component may require additional configuration, such as specifying TLS certificates and keys, - /// to properly set up the secure communication channel. + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tls: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. - /// Each toleration in the array allows the Pod to tolerate node taints based on - /// specified `key`, `value`, `effect`, and `operator`. + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which + /// spreading will be calculated. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are ANDed with labelSelector + /// to select the group of existing pods over which spreading will be calculated + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will + /// be ignored. A null or empty list means only match against labelSelector. /// /// - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - /// - The `operator` determines how the toleration matches the taint. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// /// - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. /// /// - /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// Defines the update strategy for the Component. + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + /// when calculating pod topology spread skew. Options are: + /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// /// - /// Deprecated since v0.9. - /// This field is maintained for backward compatibility and its use is discouraged. - /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] - pub update_strategy: Option, - /// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes - /// in the Cluster's Pods. - /// This is useful in scenarios where users need to provide additional resources to the Cluster, such as: + /// If this value is nil, the behavior is equivalent to the Honor policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating + /// pod topology spread skew. Options are: + /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod + /// has a toleration, are included. + /// - Ignore: node taints are ignored. All nodes are included. /// /// - /// - Mounting custom scripts or configuration files during Cluster startup. - /// - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "userResourceRefs")] - pub user_resource_refs: Option, - /// Specifies a list of PersistentVolumeClaim templates that represent the storage requirements for the Component. - /// Each template specifies the desired characteristics of a persistent volume, such as storage class, - /// size, and access modes. - /// These templates are used to dynamically provision persistent volumes for the Component. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] - pub volume_claim_templates: Option>, + /// If this value is nil, the behavior is equivalent to the Ignore policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes meet the requirements of + /// nodeAffinityPolicy and nodeTaintsPolicy. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// Specifies a group of affinity scheduling rules for the Component. -/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// -/// -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateAffinity { - /// Indicates the node labels that must be present on nodes for pods to be scheduled on them. - /// It is a map where the keys are the label keys and the values are the corresponding label values. - /// Pods will only be scheduled on nodes that have all the specified labels with the corresponding values. - /// - /// - /// For example, if NodeLabels is set to {"nodeType": "ssd", "environment": "production"}, - /// pods will only be scheduled on nodes that have both the "nodeType" label with value "ssd" - /// and the "environment" label with value "production". +pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplates { + /// Refers to the name of a volumeMount defined in either: /// /// - /// This field allows users to control Pod placement based on specific node labels. - /// It can be used to ensure that Pods are scheduled on nodes with certain characteristics, - /// such as specific hardware (e.g., SSD), environment (e.g., production, staging), - /// or any other custom labels assigned to nodes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeLabels")] - pub node_labels: Option>, - /// Specifies the anti-affinity level of Pods within a Component. - /// It determines how pods should be spread across nodes to improve availability and performance. - /// It can have the following values: `Preferred` and `Required`. - /// The default value is `Preferred`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, - /// Determines the level of resource isolation between Pods. - /// It can have the following values: `SharedNode` and `DedicatedNode`. + /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` + /// - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) /// /// - /// - SharedNode: Allow that multiple Pods may share the same node, which is the default behavior of K8s. - /// - DedicatedNode: Each Pod runs on a dedicated node, ensuring that no two Pods share the same node. - /// In other words, if a Pod is already running on a node, no other Pods will be scheduled on that node. - /// Which provides a higher level of isolation and resource guarantee for Pods. + /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + pub name: String, + /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume + /// with the mount name specified in the `name` field. /// /// - /// The default value is `SharedNode`. + /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification + /// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tenancy: Option, - /// Represents the key of node labels used to define the topology domain for Pod anti-affinity - /// and Pod spread constraints. - /// - /// - /// In K8s, a topology domain is a set of nodes that have the same value for a specific label key. - /// Nodes with labels containing any of the specified TopologyKeys and identical values are considered - /// to be in the same topology domain. - /// - /// - /// Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of - /// topology in the ClusterDefinition. - /// - /// - /// When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the - /// Pod on nodes with different values for the specified TopologyKeys. - /// This ensures that Pods are spread across different topology domains, promoting high availability and - /// reducing the impact of node failures. - /// - /// - /// Some well-known label keys, such as `kubernetes.io/hostname` and `topology.kubernetes.io/zone`, - /// are often used as TopologyKey. - /// These keys represent the hostname and zone of a node, respectively. - /// By including these keys in the TopologyKeys list, Pods will be spread across nodes with - /// different hostnames or zones. + pub spec: Option, +} + +/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume +/// with the mount name specified in the `name` field. +/// +/// +/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification +/// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpec { + /// Contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// Represents the minimum resources the volume should have. + /// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that + /// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// The name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// Defines what type of volume is required by the claim, either Block or Filesystem. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, +} + +/// Represents the minimum resources the volume should have. +/// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that +/// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. /// /// - /// In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. - /// This allows for more flexible and custom topology definitions based on the specific needs - /// of the application or environment. + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. /// /// - /// The TopologyKeys field is a slice of strings, where each string represents a label key. - /// The order of the keys in the slice does not matter. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologyKeys")] - pub topology_keys: Option>, + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// Specifies a group of affinity scheduling rules for the Component. -/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// -/// -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateAffinityPodAntiAffinity { - Preferred, - Required, +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, } -/// Specifies a group of affinity scheduling rules for the Component. -/// It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. -/// -/// -/// Deprecated since v0.10, replaced by the `schedulingPolicy` field. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateAffinityTenancy { - SharedNode, - DedicatedNode, +/// VolumeMount describes a mounting of a Volume within a container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumeMounts { + /// Path within the container at which the volume should be mounted. Must + /// not contain ':'. + #[serde(rename = "mountPath")] + pub mount_path: String, + /// mountPropagation determines how mounts are propagated from the host + /// to container and the other way around. + /// When not set, MountPropagationNone is used. + /// This field is beta in 1.10. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] + pub mount_propagation: Option, + /// This must match the Name of a Volume. + pub name: String, + /// Mounted read-only if true, read-write otherwise (false or unspecified). + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// Path within the volume from which the container's volume should be mounted. + /// Defaults to "" (volume's root). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, + /// Expanded path within the volume from which the container's volume should be mounted. + /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + /// Defaults to "" (volume's root). + /// SubPathExpr and SubPath are mutually exclusive. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] + pub sub_path_expr: Option, } -/// ClusterComponentConfig represents a config with its source bound. +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigs { - /// ConfigMap source for the config. +pub struct ClusterShardingSpecsTemplateInstancesVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cinder: Option, + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// The name of the config. + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - -/// ConfigMap source for the config. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigsConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// Defaults to 0644. - /// Directories within the path are not affected by this setting. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced - /// ConfigMap will be projected into the volume as a file whose name is the - /// key and content is the value. If specified, the listed keys will be - /// projected into the specified paths, and unlisted keys will not be - /// present. If a key is specified which is not present in the ConfigMap, - /// the volume setup will error unless it is marked optional. Paths must be - /// relative and may not contain the '..' path or start with '..'. + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. + /// + /// + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). + /// + /// + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined + pub fc: Option, + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -/// Maps a string key to a path within a volume. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateConfigsConfigMapItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. - /// May not be an absolute path. - /// May not contain the path element '..'. - /// May not start with the string '..'. - pub path: String, -} - -/// InstanceTemplate allows customization of individual replica configurations in a Component. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstances { - /// Specifies a map of key-value pairs to be merged into the Pod's existing annotations. - /// Existing keys will have their values overwritten, while new keys will be added to the annotations. + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Defines Env to override. - /// Add new or override existing envs. + pub iscsi: Option, + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] - pub env: Option>, - /// Specifies an override for the first container's image in the Pod. + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] - pub image: Option, - /// Specifies a map of key-value pairs that will be merged into the Pod's existing labels. - /// Values for existing keys will be overwritten, and new keys will be added. + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, - /// Name specifies the unique name of the instance Pod created using this InstanceTemplate. - /// This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal - /// using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. - /// The specified name overrides any default naming conventions or patterns. - pub name: String, - /// Specifies the number of instances (Pods) to create from this InstanceTemplate. - /// This field allows setting how many replicated instances of the Component, - /// with the specific overrides in the InstanceTemplate, are created. - /// The default value is 1. A value of 0 disables instance creation. + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] - pub replicas: Option, - /// Specifies an override for the resource requirements of the first container in the Pod. - /// This field allows for customizing resource allocation (CPU, memory, etc.) for the container. + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// Specifies the scheduling policy for the Component. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingPolicy")] - pub scheduling_policy: Option, - /// Defines VolumeClaimTemplates to override. - /// Add new or override existing volume claim templates. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] - pub volume_claim_templates: Option>, - /// Defines VolumeMounts to override. - /// Add new or override existing volume mounts of the first container in the Pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMounts")] - pub volume_mounts: Option>, - /// Defines Volumes to override. - /// Add new or override existing volumes. + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub volumes: Option>, + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, } -/// EnvVar represents an environment variable present in a Container. +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnv { - /// Name of the environment variable. Must be a C_IDENTIFIER. - pub name: String, - /// Variable references $(VAR_NAME) are expanded - /// using the previously defined environment variables in the container and - /// any service environment variables. If a variable cannot be resolved, - /// the reference in the input string will be unchanged. Double $$ are reduced - /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - /// Escaped references will never be expanded, regardless of whether the variable - /// exists or not. - /// Defaults to "". +pub struct ClusterShardingSpecsTemplateInstancesVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - /// Source for the environment variable's value. Cannot be used if value is not empty. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -/// Source for the environment variable's value. Cannot be used if value is not empty. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFrom { - /// Selects a key of a ConfigMap. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] - pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests - /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, - /// Selects a key of a secret in the pod's namespace - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// Selects a key of a ConfigMap. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromConfigMapKeyRef { - /// The key to select. - pub key: String, - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the ConfigMap or its key must be defined +pub struct ClusterShardingSpecsTemplateInstancesVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, - /// Path of the field to select in the specified API version. - #[serde(rename = "fieldPath")] - pub field_path: String, +pub struct ClusterShardingSpecsTemplateInstancesVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, } -/// Selects a resource of the container: only resources limits and requests -/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromResourceFieldRef { - /// Container name: required for volumes, optional for env vars - #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] - pub container_name: Option, - /// Specifies the output format of the exposed resources, defaults to "1" +pub struct ClusterShardingSpecsTemplateInstancesVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] - pub divisor: Option, - /// Required: resource to select - pub resource: String, + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } -/// Selects a key of a secret in the pod's namespace +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesEnvValueFromSecretKeyRef { - /// The key of the secret to select from. Must be a valid secret key. - pub key: String, +pub struct ClusterShardingSpecsTemplateInstancesVolumesCephfsSecretRef { /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, } -/// Specifies an override for the resource requirements of the first container in the Pod. -/// This field allows for customizing resource allocation (CPU, memory, etc.) for the container. +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, - /// that are used by this container. - /// - /// - /// This is an alpha field and requires enabling the - /// DynamicResourceAllocation feature gate. - /// - /// - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. - /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. Requests cannot exceed Limits. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesCinder { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of - /// the Pod where this field is used. It makes that resource available - /// inside a container. - pub name: String, +pub struct ClusterShardingSpecsTemplateInstancesVolumesCinderSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// Specifies the scheduling policy for the Component. +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicy { - /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +pub struct ClusterShardingSpecsTemplateInstancesVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource - /// requirements. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// NodeSelector is a selector which must be true for the Pod to fit on a node. - /// Selector which must match a node's labels for the Pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// If specified, the Pod will be dispatched by specified scheduler. - /// If not specified, the Pod will be dispatched by default scheduler. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] - pub scheduler_name: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. - /// Each toleration in the array allows the Pod to tolerate node taints based on - /// specified `key`, `value`, `effect`, and `operator`. - /// - /// - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - /// - The `operator` determines how the toleration matches the taint. - /// - /// - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology - /// domains. Scheduler will schedule Pods in a way which abides by the constraints. - /// All topologySpreadConstraints are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] - pub topology_spread_constraints: Option>, + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinity { - /// Describes node affinity scheduling rules for the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] - pub node_affinity: Option, - /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] - pub pod_affinity: Option, - /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, +pub struct ClusterShardingSpecsTemplateInstancesVolumesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// Describes node affinity scheduling rules for the pod. +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node matches the corresponding matchExpressions; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to an update), the system - /// may or may not try to eventually evict the pod from its node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option, +pub struct ClusterShardingSpecsTemplateInstancesVolumesCsi { + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. + pub driver: String, + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] + pub node_publish_secret_ref: Option, + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] + pub volume_attributes: Option>, } -/// An empty preferred scheduling term matches all objects with implicit weight 0 -/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// A node selector term, associated with the corresponding weight. - pub preference: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, - /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - pub weight: i32, +pub struct ClusterShardingSpecsTemplateInstancesVolumesCsiNodePublishSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// A node selector term, associated with the corresponding weight. +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApi { + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// Items is a list of downward API volume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// If the affinity requirements specified by this field are not met at -/// scheduling time, the pod will not be scheduled onto the node. -/// If the affinity requirements specified by this field cease to be met -/// at some point during pod execution (e.g. due to an update), the system -/// may or may not try to eventually evict the pod from its node. +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// Required. A list of node selector terms. The terms are ORed. - #[serde(rename = "nodeSelectorTerms")] - pub node_selector_terms: Vec, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEmptyDir { + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, } -/// A null or empty node selector term matches no objects. The requirements of -/// them are ANDed. -/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeral { + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] + pub volume_claim_template: Option, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplate { + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub metadata: Option, + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. + pub spec: ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpec, } -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateMetadata { #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub annotations: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub finalizers: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } -/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpec { + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// selector is a label query over volumes to consider for binding. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub namespace: Option, } -/// A label query over a set of resources, in this case pods. +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -7003,7 +10134,7 @@ pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffin /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { +pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -7017,1385 +10148,1292 @@ pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffin pub values: Option>, } -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesFc { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// lun is Optional: FC target lun number + #[serde(default, skip_serializing_if = "Option::is_none")] + pub lun: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// targetWWNs is Optional: FC target worldwide names (WWNs) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] + pub target_ww_ns: Option>, + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wwids: Option>, +} + +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesFlexVolume { + /// driver is the name of the driver to use for this volume. + pub driver: String, + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// options is Optional: this field holds extra command options if any. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesFlexVolumeSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesFlocker { + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] + pub dataset_name: Option, + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] + pub dataset_uuid: Option, +} + +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesGcePersistentDisk { + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(rename = "pdName")] + pub pd_name: String, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesGitRepo { + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub directory: Option, + /// repository is the URL + pub repository: String, + /// revision is the commit hash for the specified revision. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub revision: Option, +} + +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesGlusterfs { + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub endpoints: String, + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub path: String, + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesHostPath { + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + pub path: String, + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesIscsi { + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] + pub chap_auth_discovery: Option, + /// chapAuthSession defines whether support iSCSI Session CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] + pub chap_auth_session: Option, + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] + pub initiator_name: Option, + /// iqn is the target iSCSI Qualified Name. + pub iqn: String, + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] + pub iscsi_interface: Option, + /// lun represents iSCSI Target Lun number. + pub lun: i32, + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub portals: Option>, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(rename = "targetPortal")] + pub target_portal: String, +} + +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesIscsiSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesNfs { + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub path: String, + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub server: String, +} + +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateInstancesVolumesPersistentVolumeClaim { + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(rename = "claimName")] + pub claim_name: String, + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, +pub struct ClusterShardingSpecsTemplateInstancesVolumesPhotonPersistentDisk { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// pdID is the ID that identifies Photon Controller persistent disk + #[serde(rename = "pdID")] + pub pd_id: String, } -/// A label query over a set of resources, in this case pods. +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesPortworxVolume { + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID uniquely identifies a Portworx volume + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjected { + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub sources: Option>, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSources { + /// configMap information about the configMap data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// downwardAPI information about the downwardAPI data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// secret information about the secret data to project + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// serviceAccountToken is information about the serviceAccountToken data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesConfigMap { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the anti-affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling anti-affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the anti-affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApi { + /// Items is a list of DownwardAPIVolume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// A label query over a set of resources, in this case pods. +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesSecret { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional field specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesSecretItems { + /// key is the key to project. pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesServiceAccountToken { + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub audience: Option, + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + /// path is the path relative to the mount point of the file to project the + /// token into. + pub path: String, } -/// A label query over a set of resources, in this case pods. +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesQuobyte { + /// group to map volume access to + /// Default is no group + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes + pub registry: String, + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenant: Option, + /// user to map volume access to + /// Defaults to serivceaccount user + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, + /// volume is a string that references an already created Quobyte volume by name. + pub volume: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateInstancesVolumesRbd { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub image: String, + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub keyring: Option, + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub monitors: Vec, + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pool: Option, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesRbdSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesScaleIo { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// gateway is the host address of the ScaleIO API Gateway. + pub gateway: String, + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] + pub protection_domain: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. + #[serde(rename = "secretRef")] + pub secret_ref: ClusterShardingSpecsTemplateInstancesVolumesScaleIoSecretRef, + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] + pub ssl_enabled: Option, + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] + pub storage_mode: Option, + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] + pub storage_pool: Option, + /// system is the name of the storage system as configured in ScaleIO. + pub system: String, + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// The pod this Toleration is attached to tolerates any taint that matches -/// the triple using the matching operator . +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. - /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. - /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. - /// Valid operators are Exists and Equal. Defaults to Equal. - /// Exists is equivalent to wildcard for value, so that a pod can - /// tolerate all taints of a particular category. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be - /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - /// it is not set, which means tolerate the taint forever (do not evict). Zero and - /// negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. - /// If the operator is Exists, the value should be empty, otherwise just a regular string. +pub struct ClusterShardingSpecsTemplateInstancesVolumesScaleIoSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub name: Option, } -/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. - /// Pods that match this label selector are counted to determine the number of pods - /// in their corresponding topology domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which - /// spreading will be calculated. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are ANDed with labelSelector - /// to select the group of existing pods over which spreading will be calculated - /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// MatchLabelKeys cannot be set when LabelSelector isn't set. - /// Keys that don't exist in the incoming pod labels will - /// be ignored. A null or empty list means only match against labelSelector. - /// - /// - /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] - pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. - /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - /// between the number of matching pods in the target topology and the global minimum. - /// The global minimum is the minimum number of matching pods in an eligible domain - /// or zero if the number of eligible domains is less than MinDomains. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 2/2/1: - /// In this case, the global minimum is 1. - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P | - /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - /// violate MaxSkew(1). - /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - /// to topologies that satisfy it. - /// It's a required field. Default value is 1 and 0 is not allowed. - #[serde(rename = "maxSkew")] - pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. - /// When the number of eligible domains with matching topology keys is less than minDomains, - /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, - /// this value has no effect on scheduling. - /// As a result, when the number of eligible domains is less than minDomains, - /// scheduler won't schedule more than maxSkew Pods to those domains. - /// If value is nil, the constraint behaves as if MinDomains is equal to 1. - /// Valid values are integers greater than 0. - /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// - /// - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - /// labelSelector spread as 2/2/2: - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P P | - /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - /// In this situation, new pod with the same labelSelector cannot be scheduled, - /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - /// it will violate MaxSkew. - /// - /// - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] - pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - /// when calculating pod topology spread skew. Options are: - /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// - /// - /// If this value is nil, the behavior is equivalent to the Honor policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] - pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating - /// pod topology spread skew. Options are: - /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod - /// has a toleration, are included. - /// - Ignore: node taints are ignored. All nodes are included. - /// - /// - /// If this value is nil, the behavior is equivalent to the Ignore policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] - pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key - /// and identical values are considered to be in the same topology. - /// We consider each as a "bucket", and try to put balanced number - /// of pods into each bucket. - /// We define a domain as a particular instance of a topology. - /// Also, we define an eligible domain as a domain whose nodes meet the requirements of - /// nodeAffinityPolicy and nodeTaintsPolicy. - /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - /// It's a required field. - #[serde(rename = "topologyKey")] - pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - /// the spread constraint. - /// - DoNotSchedule (default) tells the scheduler not to schedule it. - /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, - /// but giving higher precedence to topologies that would help reduce the - /// skew. - /// A constraint is considered "Unsatisfiable" for an incoming pod - /// if and only if every possible node assignment for that pod would violate - /// "MaxSkew" on some topology. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 3/1/1: - /// | zone1 | zone2 | zone3 | - /// | P P P | P | P | - /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - /// won't make it *more* imbalanced. - /// It's a required field. - #[serde(rename = "whenUnsatisfiable")] - pub when_unsatisfiable: String, +pub struct ClusterShardingSpecsTemplateInstancesVolumesSecret { + /// defaultMode is Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values + /// for mode bits. Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items If unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// optional field specify whether the Secret or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// secretName is the name of the secret in the pod's namespace to use. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, } -/// LabelSelector is used to find matching pods. -/// Pods that match this label selector are counted to determine the number of pods -/// in their corresponding topology domain. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterShardingSpecsTemplateInstancesVolumesStorageos { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] + pub volume_namespace: Option, } +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplates { - /// Refers to the name of a volumeMount defined in either: - /// - /// - /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - /// - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) - /// - /// - /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. - pub name: String, - /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume - /// with the mount name specified in the `name` field. - /// - /// - /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification - /// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +pub struct ClusterShardingSpecsTemplateInstancesVolumesStorageosSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, + pub name: Option, } -/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume -/// with the mount name specified in the `name` field. -/// -/// -/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification -/// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpec { - /// Contains the desired access modes the volume should have. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// Represents the minimum resources the volume should have. - /// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that - /// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// The name of the StorageClass required by the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// Defines what type of volume is required by the claim, either Block or Filesystem. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, +pub struct ClusterShardingSpecsTemplateInstancesVolumesVsphereVolume { + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] + pub storage_policy_id: Option, + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] + pub storage_policy_name: Option, + /// volumePath is the path that identifies vSphere volume vmdk + #[serde(rename = "volumePath")] + pub volume_path: String, } -/// Represents the minimum resources the volume should have. -/// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that -/// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. -/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +/// Specifies the configuration for the TLS certificates issuer. +/// It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. +/// The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. +/// Required when TLS is enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, - /// that are used by this container. - /// - /// - /// This is an alpha field and requires enabling the - /// DynamicResourceAllocation feature gate. +pub struct ClusterShardingSpecsTemplateIssuer { + /// The issuer for TLS certificates. + /// It only allows two enum values: `KubeBlocks` and `UserProvided`. /// /// - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. - /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. Requests cannot exceed Limits. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, -} - -/// ResourceClaim references one entry in PodSpec.ResourceClaims. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumeClaimTemplatesSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of - /// the Pod where this field is used. It makes that resource available - /// inside a container. + /// - `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used. + /// - `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key. + /// In this case, the user-provided CA certificate, server certificate, and private key will be used + /// for TLS communication. pub name: String, + /// SecretRef is the reference to the secret that contains user-provided certificates. + /// It is required when the issuer is set to `UserProvided`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, } -/// VolumeMount describes a mounting of a Volume within a container. +/// SecretRef is the reference to the secret that contains user-provided certificates. +/// It is required when the issuer is set to `UserProvided`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumeMounts { - /// Path within the container at which the volume should be mounted. Must - /// not contain ':'. - #[serde(rename = "mountPath")] - pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host - /// to container and the other way around. - /// When not set, MountPropagationNone is used. - /// This field is beta in 1.10. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] - pub mount_propagation: Option, - /// This must match the Name of a Volume. +pub struct ClusterShardingSpecsTemplateIssuerSecretRef { + /// Key of CA cert in Secret + pub ca: String, + /// Key of Cert in Secret + pub cert: String, + /// Key of TLS private key in Secret + pub key: String, + /// Name of the Secret that contains user-provided certificates. pub name: String, - /// Mounted read-only if true, read-write otherwise (false or unspecified). - /// Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// Path within the volume from which the container's volume should be mounted. - /// Defaults to "" (volume's root). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, - /// Expanded path within the volume from which the container's volume should be mounted. - /// Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - /// Defaults to "" (volume's root). - /// SubPathExpr and SubPath are mutually exclusive. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPathExpr")] - pub sub_path_expr: Option, } -/// Volume represents a named volume in a pod that may be accessed by any container in the pod. +/// Specifies the resources required by the Component. +/// It allows defining the CPU, memory requirements and limits for the Component's containers. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumes { - /// awsElasticBlockStore represents an AWS Disk resource that is attached to a - /// kubelet's host machine and then exposed to the pod. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] - pub aws_elastic_block_store: Option, - /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] - pub azure_disk: Option, - /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] - pub azure_file: Option, - /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cephfs: Option, - /// cinder represents a cinder volume attached and mounted on kubelets host machine. - /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cinder: Option, - /// configMap represents a configMap that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub csi: Option, - /// downwardAPI represents downward API about the pod that should populate this volume - #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, - /// emptyDir represents a temporary directory that shares a pod's lifetime. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] - pub empty_dir: Option, - /// ephemeral represents a volume that is handled by a cluster storage driver. - /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - /// and deleted when the pod is removed. - /// - /// - /// Use this if: - /// a) the volume is only needed while the pod runs, - /// b) features of normal volumes like restoring from snapshot or capacity - /// tracking are needed, - /// c) the storage driver is specified through a storage class, and - /// d) the storage driver supports dynamic volume provisioning through - /// a PersistentVolumeClaim (see EphemeralVolumeSource for more - /// information on the connection between this volume type - /// and PersistentVolumeClaim). - /// - /// - /// Use PersistentVolumeClaim or one of the vendor-specific - /// APIs for volumes that persist for longer than the lifecycle - /// of an individual pod. +pub struct ClusterShardingSpecsTemplateResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. /// /// - /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - /// be used that way - see the documentation of the driver for - /// more information. + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. /// /// - /// A pod can use both types of ephemeral volumes and - /// persistent volumes at the same time. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ephemeral: Option, - /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub fc: Option, - /// flexVolume represents a generic volume resource that is - /// provisioned/attached using an exec based plugin. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] - pub flex_volume: Option, - /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub flocker: Option, - /// gcePersistentDisk represents a GCE Disk resource that is attached to a - /// kubelet's host machine and then exposed to the pod. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] - pub gce_persistent_disk: Option, - /// gitRepo represents a git repository at a particular revision. - /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - /// into the Pod's container. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] - pub git_repo: Option, - /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - /// More info: https://examples.k8s.io/volumes/glusterfs/README.md + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] - pub glusterfs: Option, - /// hostPath represents a pre-existing file or directory on the host - /// machine that is directly exposed to the container. This is generally - /// used for system agents or other privileged things that are allowed - /// to see the host machine. Most containers will NOT need this. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] - pub host_path: Option, - /// iscsi represents an ISCSI Disk resource that is attached to a - /// kubelet's host machine and then exposed to the pod. - /// More info: https://examples.k8s.io/volumes/iscsi/README.md + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] - pub iscsi: Option, - /// name of the volume. - /// Must be a DNS_LABEL and unique within the pod. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. pub name: String, - /// nfs represents an NFS mount on the host that shares a pod's lifetime - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - #[serde(default, skip_serializing_if = "Option::is_none")] - pub nfs: Option, - /// persistentVolumeClaimVolumeSource represents a reference to a - /// PersistentVolumeClaim in the same namespace. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] - pub persistent_volume_claim: Option, - /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] - pub photon_persistent_disk: Option, - /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] - pub portworx_volume: Option, - /// projected items for all in one resources secrets, configmaps, and downward API - #[serde(default, skip_serializing_if = "Option::is_none")] - pub projected: Option, - /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime - #[serde(default, skip_serializing_if = "Option::is_none")] - pub quobyte: Option, - /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - /// More info: https://examples.k8s.io/volumes/rbd/README.md - #[serde(default, skip_serializing_if = "Option::is_none")] - pub rbd: Option, - /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] - pub scale_io: Option, - /// secret represents a secret that should populate this volume. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +} + +/// Specifies the scheduling policy for the Component. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSchedulingPolicy { + /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + pub affinity: Option, + /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, + /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource + /// requirements. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] + pub node_name: Option, + /// NodeSelector is a selector which must be true for the Pod to fit on a node. + /// Selector which must match a node's labels for the Pod to be scheduled on that node. + /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// If specified, the Pod will be dispatched by specified scheduler. + /// If not specified, the Pod will be dispatched by default scheduler. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] + pub scheduler_name: Option, + /// Allows Pods to be scheduled onto nodes with matching taints. + /// Each toleration in the array allows the Pod to tolerate node taints based on + /// specified `key`, `value`, `effect`, and `operator`. + /// + /// + /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. + /// - The `operator` determines how the toleration matches the taint. + /// + /// + /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. #[serde(default, skip_serializing_if = "Option::is_none")] - pub storageos: Option, - /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] - pub vsphere_volume: Option, + pub tolerations: Option>, + /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology + /// domains. Scheduler will schedule Pods in a way which abides by the constraints. + /// All topologySpreadConstraints are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, } -/// awsElasticBlockStore represents an AWS Disk resource that is attached to a -/// kubelet's host machine and then exposed to the pod. -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesAwsElasticBlockStore { - /// fsType is the filesystem type of the volume that you want to mount. - /// Tip: Ensure that the filesystem type is supported by the host operating system. - /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. - /// If omitted, the default is to mount by volume name. - /// Examples: For volume /dev/sda1, you specify the partition as "1". - /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// readOnly value true will force the readOnly setting in VolumeMounts. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, } -/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// Describes node affinity scheduling rules for the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesAzureDisk { - /// cachingMode is the Host Caching mode: None, Read Only, Read Write. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] - pub caching_mode: Option, - /// diskName is the Name of the data disk in the blob storage - #[serde(rename = "diskName")] - pub disk_name: String, - /// diskURI is the URI of data disk in the blob storage - #[serde(rename = "diskURI")] - pub disk_uri: String, - /// fsType is Filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, } -/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesAzureFile { - /// readOnly defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretName is the name of secret that contains Azure Storage Account Name and Key - #[serde(rename = "secretName")] - pub secret_name: String, - /// shareName is the azure share Name - #[serde(rename = "shareName")] - pub share_name: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCephfs { - /// monitors is Required: Monitors is a collection of Ceph monitors - /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - pub monitors: Vec, - /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] - pub secret_file: Option, - /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// user is optional: User is the rados user name, default is admin - /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, + pub values: Option>, } -/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCephfsSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, } -/// cinder represents a cinder volume attached and mounted on kubelets host machine. -/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCinder { - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is optional: points to a secret object containing parameters used to connect - /// to OpenStack. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// volumeID used to identify the volume in cinder. - /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, } -/// secretRef is optional: points to a secret object containing parameters used to connect -/// to OpenStack. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCinderSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub values: Option>, } -/// configMap represents a configMap that should populate this volume +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// Defaults to 0644. - /// Directories within the path are not affected by this setting. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced - /// ConfigMap will be projected into the volume as a file whose name is the - /// key and content is the value. If specified, the listed keys will be - /// projected into the specified paths, and unlisted keys will not be - /// present. If a key is specified which is not present in the ConfigMap, - /// the volume setup will error unless it is marked optional. Paths must be - /// relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub values: Option>, } -/// Maps a string key to a path within a volume. +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesConfigMapItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. - /// May not be an absolute path. - /// May not contain the path element '..'. - /// May not start with the string '..'. - pub path: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCsi { - /// driver is the name of the CSI driver that handles this volume. - /// Consult with your admin for the correct name as registered in the cluster. - pub driver: String, - /// fsType to mount. Ex. "ext4", "xfs", "ntfs". - /// If not provided, the empty value is passed to the associated CSI driver - /// which will determine the default filesystem to apply. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// nodePublishSecretRef is a reference to the secret object containing - /// sensitive information to pass to the CSI driver to complete the CSI - /// NodePublishVolume and NodeUnpublishVolume calls. - /// This field is optional, and may be empty if no secret is required. If the - /// secret object contains more than one secret, all secret references are passed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] - pub node_publish_secret_ref: Option, - /// readOnly specifies a read-only configuration for the volume. - /// Defaults to false (read/write). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeAttributes stores driver-specific properties that are passed to the CSI - /// driver. Consult your driver's documentation for supported values. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] - pub volume_attributes: Option>, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, } -/// nodePublishSecretRef is a reference to the secret object containing -/// sensitive information to pass to the CSI driver to complete the CSI -/// NodePublishVolume and NodeUnpublishVolume calls. -/// This field is optional, and may be empty if no secret is required. If the -/// secret object contains more than one secret, all secret references are passed. +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesCsiNodePublishSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// downwardAPI represents downward API about the pod that should populate this volume +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApi { - /// Optional: mode bits to use on created files by default. Must be a - /// Optional: mode bits used to set permissions on created files by default. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// Defaults to 0644. - /// Directories within the path are not affected by this setting. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// Items is a list of downward API volume file - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// DownwardAPIVolumeFile represents information to create the file containing the pod field +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value - /// between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - pub path: String, - /// Selects a resource of the container: only resources limits and requests - /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, + pub values: Option>, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItemsFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, - /// Path of the field to select in the specified API version. - #[serde(rename = "fieldPath")] - pub field_path: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Selects a resource of the container: only resources limits and requests -/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesDownwardApiItemsResourceFieldRef { - /// Container name: required for volumes, optional for env vars - #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] - pub container_name: Option, - /// Specifies the output format of the exposed resources, defaults to "1" +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub divisor: Option, - /// Required: resource to select - pub resource: String, + pub values: Option>, } -/// emptyDir represents a temporary directory that shares a pod's lifetime. -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEmptyDir { - /// medium represents what type of storage medium should back this directory. - /// The default is "" which means to use the node's default medium. - /// Must be an empty string (default) or Memory. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub medium: Option, - /// sizeLimit is the total amount of local storage required for this EmptyDir volume. - /// The size limit is also applicable for memory medium. - /// The maximum usage on memory medium EmptyDir would be the minimum value between - /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. - /// The default is nil which means that the limit is undefined. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] - pub size_limit: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// ephemeral represents a volume that is handled by a cluster storage driver. -/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -/// and deleted when the pod is removed. -/// -/// -/// Use this if: -/// a) the volume is only needed while the pod runs, -/// b) features of normal volumes like restoring from snapshot or capacity -/// tracking are needed, -/// c) the storage driver is specified through a storage class, and -/// d) the storage driver supports dynamic volume provisioning through -/// a PersistentVolumeClaim (see EphemeralVolumeSource for more -/// information on the connection between this volume type -/// and PersistentVolumeClaim). -/// -/// -/// Use PersistentVolumeClaim or one of the vendor-specific -/// APIs for volumes that persist for longer than the lifecycle -/// of an individual pod. -/// -/// -/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -/// be used that way - see the documentation of the driver for -/// more information. -/// -/// -/// A pod can use both types of ephemeral volumes and -/// persistent volumes at the same time. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeral { - /// Will be used to create a stand-alone PVC to provision the volume. - /// The pod in which this EphemeralVolumeSource is embedded will be the - /// owner of the PVC, i.e. the PVC will be deleted together with the - /// pod. The name of the PVC will be `-` where - /// `` is the name from the `PodSpec.Volumes` array - /// entry. Pod validation will reject the pod if the concatenated name - /// is not valid for a PVC (for example, too long). - /// - /// - /// An existing PVC with that name that is not owned by the pod - /// will *not* be used for the pod to avoid using an unrelated - /// volume by mistake. Starting the pod is then blocked until - /// the unrelated PVC is removed. If such a pre-created PVC is - /// meant to be used by the pod, the PVC has to updated with an - /// owner reference to the pod once the pod exists. Normally - /// this should not be necessary, but it may be useful when - /// manually reconstructing a broken cluster. - /// - /// - /// This field is read-only and no changes will be made by Kubernetes - /// to the PVC after it has been created. - /// - /// - /// Required, must not be nil. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] - pub volume_claim_template: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// Will be used to create a stand-alone PVC to provision the volume. -/// The pod in which this EphemeralVolumeSource is embedded will be the -/// owner of the PVC, i.e. the PVC will be deleted together with the -/// pod. The name of the PVC will be `-` where -/// `` is the name from the `PodSpec.Volumes` array -/// entry. Pod validation will reject the pod if the concatenated name -/// is not valid for a PVC (for example, too long). -/// -/// -/// An existing PVC with that name that is not owned by the pod -/// will *not* be used for the pod to avoid using an unrelated -/// volume by mistake. Starting the pod is then blocked until -/// the unrelated PVC is removed. If such a pre-created PVC is -/// meant to be used by the pod, the PVC has to updated with an -/// owner reference to the pod once the pod exists. Normally -/// this should not be necessary, but it may be useful when -/// manually reconstructing a broken cluster. -/// -/// -/// This field is read-only and no changes will be made by Kubernetes -/// to the PVC after it has been created. -/// -/// -/// Required, must not be nil. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplate { - /// May contain labels and annotations that will be copied into the PVC - /// when creating it. No other fields are allowed and will be rejected during - /// validation. +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub metadata: Option, - /// The specification for the PersistentVolumeClaim. The entire content is - /// copied unchanged into the PVC that gets created from this - /// template. The same fields as in a PersistentVolumeClaim - /// are also valid here. - pub spec: ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpec, + pub values: Option>, } -/// May contain labels and annotations that will be copied into the PVC -/// when creating it. No other fields are allowed and will be rejected during -/// validation. +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateMetadata { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub finalizers: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// The specification for the PersistentVolumeClaim. The entire content is -/// copied unchanged into the PVC that gets created from this -/// template. The same fields as in a PersistentVolumeClaim -/// are also valid here. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpec { - /// accessModes contains the desired access modes the volume should have. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// dataSource field can be used to specify either: - /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - /// * An existing PVC (PersistentVolumeClaim) - /// If the provisioner or an external controller can support the specified data source, - /// it will create a new volume based on the contents of the specified data source. - /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] - pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - /// volume is desired. This may be any object from a non-empty API group (non - /// core object) or a PersistentVolumeClaim object. - /// When this field is specified, volume binding will only succeed if the type of - /// the specified object matches some installed volume populator or dynamic - /// provisioner. - /// This field will replace the functionality of the dataSource field and as such - /// if both fields are non-empty, they must have the same value. For backwards - /// compatibility, when namespace isn't specified in dataSourceRef, - /// both fields (dataSource and dataSourceRef) will be set to the same - /// value automatically if one of them is empty and the other is non-empty. - /// When namespace is specified in dataSourceRef, - /// dataSource isn't set to the same value and must be empty. - /// There are three important differences between dataSource and dataSourceRef: - /// * While dataSource only allows two specific types of objects, dataSourceRef - /// allows any non-core object, as well as PersistentVolumeClaim objects. - /// * While dataSource ignores disallowed values (dropping them), dataSourceRef - /// preserves all values, and generates an error if a disallowed value is - /// specified. - /// * While dataSource only allows local objects, dataSourceRef allows objects - /// in any namespaces. - /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] - pub data_source_ref: Option, - /// resources represents the minimum resources the volume should have. - /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - /// that are lower than previous value but must still be higher than capacity recorded in the - /// status field of the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// selector is a label query over volumes to consider for binding. +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub selector: Option, - /// storageClassName is the name of the StorageClass required by the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// volumeMode defines what type of volume is required by the claim. - /// Value of Filesystem is implied when not included in claim spec. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, - /// volumeName is the binding reference to the PersistentVolume backing this claim. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, + pub values: Option>, } -/// dataSource field can be used to specify either: -/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -/// * An existing PVC (PersistentVolumeClaim) -/// If the provisioner or an external controller can support the specified data source, -/// it will create a new volume based on the contents of the specified data source. -/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSource { - /// APIGroup is the group for the resource being referenced. - /// If APIGroup is not specified, the specified Kind must be in the core API group. - /// For any other third-party types, APIGroup is required. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind is the type of resource being referenced - pub kind: String, - /// Name is the name of resource being referenced - pub name: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -/// volume is desired. This may be any object from a non-empty API group (non -/// core object) or a PersistentVolumeClaim object. -/// When this field is specified, volume binding will only succeed if the type of -/// the specified object matches some installed volume populator or dynamic -/// provisioner. -/// This field will replace the functionality of the dataSource field and as such -/// if both fields are non-empty, they must have the same value. For backwards -/// compatibility, when namespace isn't specified in dataSourceRef, -/// both fields (dataSource and dataSourceRef) will be set to the same -/// value automatically if one of them is empty and the other is non-empty. -/// When namespace is specified in dataSourceRef, -/// dataSource isn't set to the same value and must be empty. -/// There are three important differences between dataSource and dataSourceRef: -/// * While dataSource only allows two specific types of objects, dataSourceRef -/// allows any non-core object, as well as PersistentVolumeClaim objects. -/// * While dataSource ignores disallowed values (dropping them), dataSourceRef -/// preserves all values, and generates an error if a disallowed value is -/// specified. -/// * While dataSource only allows local objects, dataSourceRef allows objects -/// in any namespaces. -/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { - /// APIGroup is the group for the resource being referenced. - /// If APIGroup is not specified, the specified Kind must be in the core API group. - /// For any other third-party types, APIGroup is required. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] - pub api_group: Option, - /// Kind is the type of resource being referenced - pub kind: String, - /// Name is the name of resource being referenced - pub name: String, - /// Namespace is the namespace of resource being referenced - /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, } -/// resources represents the minimum resources the volume should have. -/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -/// that are lower than previous value but must still be higher than capacity recorded in the -/// status field of the claim. -/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, - /// that are used by this container. - /// - /// - /// This is an alpha field and requires enabling the - /// DynamicResourceAllocation feature gate. - /// - /// - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. - /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. Requests cannot exceed Limits. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, -} - -/// ResourceClaim references one entry in PodSpec.ResourceClaims. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of - /// the Pod where this field is used. It makes that resource available - /// inside a container. - pub name: String, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// selector is a label query over volumes to consider for binding. +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecSelector { +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -8406,7 +11444,7 @@ pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTempl /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, /// operator represents a key's relationship to a set of values. @@ -8420,625 +11458,714 @@ pub struct ClusterShardingSpecsTemplateInstancesVolumesEphemeralVolumeClaimTempl pub values: Option>, } -/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesFc { - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// lun is Optional: FC target lun number - #[serde(default, skip_serializing_if = "Option::is_none")] - pub lun: Option, - /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// targetWWNs is Optional: FC target worldwide names (WWNs) - #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] - pub target_ww_ns: Option>, - /// wwids Optional: FC volume world wide identifiers (wwids) - /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub wwids: Option>, -} - -/// flexVolume represents a generic volume resource that is -/// provisioned/attached using an exec based plugin. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesFlexVolume { - /// driver is the name of the driver to use for this volume. - pub driver: String, - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// options is Optional: this field holds extra command options if any. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub options: Option>, - /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is Optional: secretRef is reference to the secret object containing - /// sensitive information to pass to the plugin scripts. This may be - /// empty if no secret object is specified. If the secret object - /// contains more than one secret, all secrets are passed to the plugin - /// scripts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, -} - -/// secretRef is Optional: secretRef is reference to the secret object containing -/// sensitive information to pass to the plugin scripts. This may be -/// empty if no secret object is specified. If the secret object -/// contains more than one secret, all secrets are passed to the plugin -/// scripts. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesFlexVolumeSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - -/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesFlocker { - /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - /// should be considered as deprecated - #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] - pub dataset_name: Option, - /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] - pub dataset_uuid: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// gcePersistentDisk represents a GCE Disk resource that is attached to a -/// kubelet's host machine and then exposed to the pod. -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesGcePersistentDisk { - /// fsType is filesystem type of the volume that you want to mount. - /// Tip: Ensure that the filesystem type is supported by the host operating system. - /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// partition is the partition in the volume that you want to mount. - /// If omitted, the default is to mount by volume name. - /// Examples: For volume /dev/sda1, you specify the partition as "1". - /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub partition: Option, - /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(rename = "pdName")] - pub pd_name: String, - /// readOnly here will force the ReadOnly setting in VolumeMounts. - /// Defaults to false. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, + pub values: Option>, } -/// gitRepo represents a git repository at a particular revision. -/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -/// into the Pod's container. +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesGitRepo { - /// directory is the target directory name. - /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - /// git repository. Otherwise, if specified, the volume will contain the git repository in - /// the subdirectory with the given name. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub directory: Option, - /// repository is the URL - pub repository: String, - /// revision is the commit hash for the specified revision. +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] - pub revision: Option, -} - -/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -/// More info: https://examples.k8s.io/volumes/glusterfs/README.md -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesGlusterfs { - /// endpoints is the endpoint name that details Glusterfs topology. - /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - pub endpoints: String, - /// path is the Glusterfs volume path. - /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - pub path: String, - /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - /// Defaults to false. - /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, -} - -/// hostPath represents a pre-existing file or directory on the host -/// machine that is directly exposed to the container. This is generally -/// used for system agents or other privileged things that are allowed -/// to see the host machine. Most containers will NOT need this. -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesHostPath { - /// path of the directory on the host. - /// If the path is a symlink, it will follow the link to the real path. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - pub path: String, - /// type for HostPath Volume - /// Defaults to "" - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, } -/// iscsi represents an ISCSI Disk resource that is attached to a -/// kubelet's host machine and then exposed to the pod. -/// More info: https://examples.k8s.io/volumes/iscsi/README.md +/// A label query over a set of resources, in this case pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesIscsi { - /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] - pub chap_auth_discovery: Option, - /// chapAuthSession defines whether support iSCSI Session CHAP authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] - pub chap_auth_session: Option, - /// fsType is the filesystem type of the volume that you want to mount. - /// Tip: Ensure that the filesystem type is supported by the host operating system. - /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// initiatorName is the custom iSCSI Initiator Name. - /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - /// : will be created for the connection. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] - pub initiator_name: Option, - /// iqn is the target iSCSI Qualified Name. - pub iqn: String, - /// iscsiInterface is the interface Name that uses an iSCSI transport. - /// Defaults to 'default' (tcp). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] - pub iscsi_interface: Option, - /// lun represents iSCSI Target Lun number. - pub lun: i32, - /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - /// is other than default (typically TCP ports 860 and 3260). +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub portals: Option>, - /// readOnly here will force the ReadOnly setting in VolumeMounts. - /// Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is the CHAP Secret for iSCSI target and initiator authentication - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - /// is other than default (typically TCP ports 860 and 3260). - #[serde(rename = "targetPortal")] - pub target_portal: String, + pub values: Option>, } -/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesIscsiSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub values: Option>, } -/// nfs represents an NFS mount on the host that shares a pod's lifetime -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesNfs { - /// path that is exported by the NFS server. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - pub path: String, - /// readOnly here will force the NFS export to be mounted with read-only permissions. - /// Defaults to false. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// server is the hostname or IP address of the NFS server. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - pub server: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } -/// persistentVolumeClaimVolumeSource represents a reference to a -/// PersistentVolumeClaim in the same namespace. -/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesPersistentVolumeClaim { - /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - #[serde(rename = "claimName")] - pub claim_name: String, - /// readOnly Will force the ReadOnly setting in VolumeMounts. - /// Default false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which + /// spreading will be calculated. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are ANDed with labelSelector + /// to select the group of existing pods over which spreading will be calculated + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will + /// be ignored. A null or empty list means only match against labelSelector. + /// + /// + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// + /// + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. + /// + /// + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + /// when calculating pod topology spread skew. Options are: + /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// + /// + /// If this value is nil, the behavior is equivalent to the Honor policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating + /// pod topology spread skew. Options are: + /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod + /// has a toleration, are included. + /// - Ignore: node taints are ignored. All nodes are included. + /// + /// + /// If this value is nil, the behavior is equivalent to the Ignore policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes meet the requirements of + /// nodeAffinityPolicy and nodeTaintsPolicy. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, } -/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesPhotonPersistentDisk { - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// pdID is the ID that identifies Photon Controller persistent disk - #[serde(rename = "pdID")] - pub pd_id: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, } -/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesPortworxVolume { - /// fSType represents the filesystem type to mount - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// volumeID uniquely identifies a Portworx volume - #[serde(rename = "volumeID")] - pub volume_id: String, +pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, } -/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjected { - /// defaultMode are the mode bits used to set permissions on created files by default. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// Directories within the path are not affected by this setting. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// sources is the list of volume projections +pub struct ClusterShardingSpecsTemplateServiceRefs { + /// Specifies the name of the KubeBlocks Cluster being referenced. + /// This is used when services from another KubeBlocks Cluster are consumed. + /// + /// + /// By default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential` + /// will be utilized to bind to the current Component. This credential should include: + /// `endpoint`, `port`, `username`, and `password`. + /// + /// + /// Note: + /// + /// + /// - The `ServiceKind` and `ServiceVersion` specified in the service reference within the + /// ClusterDefinition are not validated when using this approach. + /// - If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence. + /// + /// + /// Deprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated, + /// use `clusterServiceSelector` instead. + /// This field is maintained for backward compatibility and its use is discouraged. + /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. #[serde(default, skip_serializing_if = "Option::is_none")] - pub sources: Option>, + pub cluster: Option, + /// References a service provided by another KubeBlocks Cluster. + /// It specifies the ClusterService and the account credentials needed for access. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterServiceSelector")] + pub cluster_service_selector: Option, + /// Specifies the identifier of the service reference declaration. + /// It corresponds to the serviceRefDeclaration name defined in either: + /// + /// + /// - `componentDefinition.spec.serviceRefDeclarations[*].name` + /// - `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated) + pub name: String, + /// Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. + /// If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current + /// Cluster by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specifies the name of the ServiceDescriptor object that describes a service provided by external sources. + /// + /// + /// When referencing a service provided by external sources, a ServiceDescriptor object is required to establish + /// the service binding. + /// The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind + /// and serviceVersion declared in the definition. + /// + /// + /// If both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDescriptor")] + pub service_descriptor: Option, } -/// Projection that may be projected along with other supported volume types +/// References a service provided by another KubeBlocks Cluster. +/// It specifies the ClusterService and the account credentials needed for access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSources { - /// configMap information about the configMap data to project - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] - pub config_map: Option, - /// downwardAPI information about the downwardAPI data to project - #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] - pub downward_api: Option, - /// secret information about the secret data to project +pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelector { + /// The name of the Cluster being referenced. + pub cluster: String, + /// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. + /// The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` + /// of the Component providing the service in the referenced Cluster. #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret: Option, - /// serviceAccountToken is information about the serviceAccountToken data to project - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] - pub service_account_token: Option, + pub credential: Option, + /// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service: Option, } -/// configMap information about the configMap data to project +/// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. +/// The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` +/// of the Component providing the service in the referenced Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesConfigMap { - /// items if unspecified, each key-value pair in the Data field of the referenced - /// ConfigMap will be projected into the volume as a file whose name is the - /// key and content is the value. If specified, the listed keys will be - /// projected into the specified paths, and unlisted keys will not be - /// present. If a key is specified which is not present in the ConfigMap, - /// the volume setup will error unless it is marked optional. Paths must be - /// relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, +pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelectorCredential { + /// The name of the Component where the credential resides in. + pub component: String, + /// The name of the credential (SystemAccount) to reference. + pub name: String, } -/// Maps a string key to a path within a volume. +/// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesConfigMapItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. +pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelectorService { + /// The name of the Component where the Service resides in. + /// + /// + /// It is required when referencing a Component's Service. #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. - /// May not be an absolute path. - /// May not contain the path element '..'. - /// May not start with the string '..'. - pub path: String, + pub component: Option, + /// The port name of the Service to be referenced. + /// + /// + /// If there is a non-zero node-port exist for the matched Service port, the node-port will be selected first. + /// + /// + /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, + /// and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2... + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// The name of the Service to be referenced. + /// + /// + /// Leave it empty to reference the default Service. Set it to "headless" to reference the default headless Service. + /// + /// + /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, + /// and the resolved value will be presented in the following format: service1.name,service2.name... + pub service: String, } -/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApi { - /// Items is a list of DownwardAPIVolume file +pub struct ClusterShardingSpecsTemplateServices { + /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here. + /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub annotations: Option>, + /// References the ComponentService name defined in the `componentDefinition.spec.services[*].name`. + pub name: String, + /// Indicates whether to generate individual Services for each Pod. + /// If set to true, a separate Service will be created for each Pod in the Cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podService")] + pub pod_service: Option, + /// Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. + /// + /// + /// - `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints. + /// Endpoints are determined by the selector or if that is not specified, + /// they are determined by manual construction of an Endpoints object or EndpointSlice objects. + /// - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP. + /// - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) + /// which routes to the same endpoints as the ClusterIP. + /// + /// + /// Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService. + /// + /// + /// For more info, see: + /// https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] + pub service_type: Option, } -/// DownwardAPIVolumeFile represents information to create the file containing the pod field +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateServicesServiceType { + #[serde(rename = "ClusterIP")] + ClusterIp, + NodePort, + LoadBalancer, +} + +/// Defines the strategy for switchover and failover when workloadType is Replication. +/// +/// +/// Deprecated since v0.9. +/// This field is maintained for backward compatibility and its use is discouraged. +/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Optional: mode bits used to set permissions on this file, must be an octal value - /// between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - pub path: String, - /// Selects a resource of the container: only resources limits and requests - /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, +pub struct ClusterShardingSpecsTemplateSwitchPolicy { + /// Type specifies the type of switch policy to be applied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItemsFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, - /// Path of the field to select in the specified API version. - #[serde(rename = "fieldPath")] - pub field_path: String, +/// Defines the strategy for switchover and failover when workloadType is Replication. +/// +/// +/// Deprecated since v0.9. +/// This field is maintained for backward compatibility and its use is discouraged. +/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateSwitchPolicyType { + Noop, } -/// Selects a resource of the container: only resources limits and requests -/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { - /// Container name: required for volumes, optional for env vars - #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] - pub container_name: Option, - /// Specifies the output format of the exposed resources, defaults to "1" - #[serde(default, skip_serializing_if = "Option::is_none")] - pub divisor: Option, - /// Required: resource to select - pub resource: String, +pub struct ClusterShardingSpecsTemplateSystemAccounts { + /// The name of the system account. + pub name: String, + /// Specifies the policy for generating the account's password. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordConfig")] + pub password_config: Option, + /// Refers to the secret from which data will be copied to create the new account. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, } -/// secret information about the secret data to project +/// Specifies the policy for generating the account's password. +/// +/// +/// This field is immutable once set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesSecret { - /// items if unspecified, each key-value pair in the Data field of the referenced - /// Secret will be projected into the volume as a file whose name is the - /// key and content is the value. If specified, the listed keys will be - /// projected into the specified paths, and unlisted keys will not be - /// present. If a key is specified which is not present in the Secret, - /// the volume setup will error unless it is marked optional. Paths must be - /// relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? +pub struct ClusterShardingSpecsTemplateSystemAccountsPasswordConfig { + /// The length of the password. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// optional field specify whether the Secret or its key must be defined + pub length: Option, + /// The case of the letters in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "letterCase")] + pub letter_case: Option, + /// The number of digits in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numDigits")] + pub num_digits: Option, + /// The number of symbols in the password. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "numSymbols")] + pub num_symbols: Option, + /// Seed to generate the account's password. + /// Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub seed: Option, } -/// Maps a string key to a path within a volume. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesSecretItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. - /// May not be an absolute path. - /// May not contain the path element '..'. - /// May not start with the string '..'. - pub path: String, +/// Specifies the policy for generating the account's password. +/// +/// +/// This field is immutable once set. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateSystemAccountsPasswordConfigLetterCase { + LowerCases, + UpperCases, + MixedCases, } -/// serviceAccountToken is information about the serviceAccountToken data to project +/// Refers to the secret from which data will be copied to create the new account. +/// +/// +/// This field is immutable once set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesProjectedSourcesServiceAccountToken { - /// audience is the intended audience of the token. A recipient of a token - /// must identify itself with an identifier specified in the audience of the - /// token, and otherwise should reject the token. The audience defaults to the - /// identifier of the apiserver. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub audience: Option, - /// expirationSeconds is the requested duration of validity of the service - /// account token. As the token approaches expiration, the kubelet volume - /// plugin will proactively rotate the service account token. The kubelet will - /// start trying to rotate the token if the token is older than 80 percent of - /// its time to live or if the token is older than 24 hours.Defaults to 1 hour - /// and must be at least 10 minutes. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] - pub expiration_seconds: Option, - /// path is the path relative to the mount point of the file to project the - /// token into. - pub path: String, +pub struct ClusterShardingSpecsTemplateSystemAccountsSecretRef { + /// The unique identifier of the secret. + pub name: String, + /// The namespace where the secret is located. + pub namespace: String, } -/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesQuobyte { - /// group to map volume access to - /// Default is no group +pub struct ClusterShardingSpecsTemplateTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. #[serde(default, skip_serializing_if = "Option::is_none")] - pub group: Option, - /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. - /// Defaults to false. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// registry represents a single or multiple Quobyte Registry services - /// specified as a string as host:port pair (multiple entries are separated with commas) - /// which acts as the central registry for volumes - pub registry: String, - /// tenant owning the given Quobyte volume in the Backend - /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tenant: Option, - /// user to map volume access to - /// Defaults to serivceaccount user + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, - /// volume is a string that references an already created Quobyte volume by name. - pub volume: String, + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, } -/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -/// More info: https://examples.k8s.io/volumes/rbd/README.md +/// The template for generating Components for shards, where each shard consists of one Component. +/// This field is of type ClusterComponentSpec, which encapsulates all the required details and +/// definitions for creating and managing the Components. +/// KubeBlocks uses this template to generate a set of identical Components or shards. +/// All the generated Components will have the same specifications and definitions as specified in the `template` field. +/// +/// +/// This allows for the creation of multiple Components with consistent configurations, +/// enabling sharding and distribution of workloads across Components. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterShardingSpecsTemplateUpdateStrategy { + Serial, + BestEffortParallel, + Parallel, +} + +/// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes +/// in the Cluster's Pods. +/// This is useful in scenarios where users need to provide additional resources to the Cluster, such as: +/// +/// +/// - Mounting custom scripts or configuration files during Cluster startup. +/// - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesRbd { - /// fsType is the filesystem type of the volume that you want to mount. - /// Tip: Ensure that the filesystem type is supported by the host operating system. - /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// image is the rados image name. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - pub image: String, - /// keyring is the path to key ring for RBDUser. - /// Default is /etc/ceph/keyring. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none")] - pub keyring: Option, - /// monitors is a collection of Ceph monitors. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - pub monitors: Vec, - /// pool is the rados pool name. - /// Default is rbd. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none")] - pub pool: Option, - /// readOnly here will force the ReadOnly setting in VolumeMounts. - /// Defaults to false. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef is name of the authentication secret for RBDUser. If provided - /// overrides keyring. - /// Default is nil. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// user is the rados user name. - /// Default is admin. - /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - #[serde(default, skip_serializing_if = "Option::is_none")] - pub user: Option, +pub struct ClusterShardingSpecsTemplateUserResourceRefs { + /// ConfigMapRefs defines the user-defined ConfigMaps. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRefs")] + pub config_map_refs: Option>, + /// SecretRefs defines the user-defined Secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRefs")] + pub secret_refs: Option>, +} + +/// ConfigMapRef defines a reference to a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefs { + /// AsVolumeFrom lists the names of containers in which the volume should be mounted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] + pub as_volume_from: Option>, + /// ConfigMap specifies the ConfigMap to be mounted as a volume. + #[serde(rename = "configMap")] + pub config_map: ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMap, + /// MountPoint is the filesystem path where the volume will be mounted. + #[serde(rename = "mountPoint")] + pub mount_point: String, + /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. + pub name: String, + /// SubPath specifies a path within the volume from which to mount. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, } -/// secretRef is name of the authentication secret for RBDUser. If provided -/// overrides keyring. -/// Default is nil. -/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// ConfigMap specifies the ConfigMap to be mounted as a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesRbdSecretRef { +pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesScaleIo { - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". - /// Default is "xfs". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// gateway is the host address of the ScaleIO API Gateway. - pub gateway: String, - /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] - pub protection_domain: Option, - /// readOnly Defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef references to the secret for ScaleIO user and other - /// sensitive information. If this is not provided, Login operation will fail. - #[serde(rename = "secretRef")] - pub secret_ref: ClusterShardingSpecsTemplateInstancesVolumesScaleIoSecretRef, - /// sslEnabled Flag enable/disable SSL communication with Gateway, default false - #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] - pub ssl_enabled: Option, - /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - /// Default is ThinProvisioned. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] - pub storage_mode: Option, - /// storagePool is the ScaleIO Storage Pool associated with the protection domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] - pub storage_pool: Option, - /// system is the name of the storage system as configured in ScaleIO. - pub system: String, - /// volumeName is the name of a volume already created in the ScaleIO system - /// that is associated with this volume source. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, +pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// secretRef references to the secret for ScaleIO user and other -/// sensitive information. If this is not provided, Login operation will fail. +/// SecretRef defines a reference to a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesScaleIoSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, +pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefs { + /// AsVolumeFrom lists the names of containers in which the volume should be mounted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] + pub as_volume_from: Option>, + /// MountPoint is the filesystem path where the volume will be mounted. + #[serde(rename = "mountPoint")] + pub mount_point: String, + /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. + pub name: String, + /// Secret specifies the Secret to be mounted as a volume. + pub secret: ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret, + /// SubPath specifies a path within the volume from which to mount. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] + pub sub_path: Option, } -/// secret represents a secret that should populate this volume. -/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// Secret specifies the Secret to be mounted as a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesSecret { +pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret { /// defaultMode is Optional: mode bits used to set permissions on created files by default. /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. /// YAML accepts both octal and decimal values, JSON requires decimal values @@ -9056,7 +12183,7 @@ pub struct ClusterShardingSpecsTemplateInstancesVolumesSecret { /// the volume setup will error unless it is marked optional. Paths must be /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, @@ -9068,7 +12195,7 @@ pub struct ClusterShardingSpecsTemplateInstancesVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesSecretItems { +pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecretItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. @@ -9086,105 +12213,60 @@ pub struct ClusterShardingSpecsTemplateInstancesVolumesSecretItems { pub path: String, } -/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesStorageos { - /// fsType is the filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// readOnly defaults to false (read/write). ReadOnly here will force - /// the ReadOnly setting in VolumeMounts. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] - pub read_only: Option, - /// secretRef specifies the secret to use for obtaining the StorageOS API - /// credentials. If not specified, default values will be attempted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, - /// volumeName is the human-readable name of the StorageOS volume. Volume - /// names are only unique within a namespace. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] - pub volume_name: Option, - /// volumeNamespace specifies the scope of the volume within StorageOS. If no - /// namespace is specified then the Pod's namespace will be used. This allows the - /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - /// Set VolumeName to any name to override the default behaviour. - /// Set to "default" if you are not using namespaces within StorageOS. - /// Namespaces that do not pre-exist within StorageOS will be created. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] - pub volume_namespace: Option, -} - -/// secretRef specifies the secret to use for obtaining the StorageOS API -/// credentials. If not specified, default values will be attempted. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesStorageosSecretRef { - /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, -} - -/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateInstancesVolumesVsphereVolume { - /// fsType is filesystem type to mount. - /// Must be a filesystem type supported by the host operating system. - /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] - pub fs_type: Option, - /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] - pub storage_policy_id: Option, - /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] - pub storage_policy_name: Option, - /// volumePath is the path that identifies vSphere volume vmdk - #[serde(rename = "volumePath")] - pub volume_path: String, -} - -/// Specifies the configuration for the TLS certificates issuer. -/// It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. -/// The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. -/// Required when TLS is enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateIssuer { - /// The issuer for TLS certificates. - /// It only allows two enum values: `KubeBlocks` and `UserProvided`. +pub struct ClusterShardingSpecsTemplateVolumeClaimTemplates { + /// Refers to the name of a volumeMount defined in either: /// /// - /// - `KubeBlocks` indicates that the self-signed TLS certificates generated by the KubeBlocks Operator will be used. - /// - `UserProvided` means that the user is responsible for providing their own CA, Cert, and Key. - /// In this case, the user-provided CA certificate, server certificate, and private key will be used - /// for TLS communication. + /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` + /// - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + /// + /// + /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. pub name: String, - /// SecretRef is the reference to the secret that contains user-provided certificates. - /// It is required when the issuer is set to `UserProvided`. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, + /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume + /// with the mount name specified in the `name` field. + /// + /// + /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification + /// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, } -/// SecretRef is the reference to the secret that contains user-provided certificates. -/// It is required when the issuer is set to `UserProvided`. +/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume +/// with the mount name specified in the `name` field. +/// +/// +/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification +/// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateIssuerSecretRef { - /// Key of CA cert in Secret - pub ca: String, - /// Key of Cert in Secret - pub cert: String, - /// Key of TLS private key in Secret - pub key: String, - /// Name of the Secret that contains user-provided certificates. - pub name: String, +pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpec { + /// Contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// Represents the minimum resources the volume should have. + /// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that + /// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// The name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// Defines what type of volume is required by the claim, either Block or Filesystem. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, } -/// Specifies the resources required by the Component. -/// It allows defining the CPU, memory requirements and limits for the Component's containers. +/// Represents the minimum resources the volume should have. +/// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that +/// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateResources { +pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpecResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// @@ -9195,7 +12277,7 @@ pub struct ClusterShardingSpecsTemplateResources { /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] @@ -9210,815 +12292,771 @@ pub struct ClusterShardingSpecsTemplateResources { /// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateResourcesClaims { +pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpecResourcesClaims { /// Name must match the name of one entry in pod.spec.resourceClaims of /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, } -/// Specifies the scheduling policy for the Component. +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicy { - /// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. +pub struct ClusterShardingSpecsTemplateVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] - pub affinity: Option, - /// NodeName is a request to schedule this Pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this Pod onto that node, assuming that it fits resource - /// requirements. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] - pub node_name: Option, - /// NodeSelector is a selector which must be true for the Pod to fit on a node. - /// Selector which must match a node's labels for the Pod to be scheduled on that node. - /// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] - pub node_selector: Option>, - /// If specified, the Pod will be dispatched by specified scheduler. - /// If not specified, the Pod will be dispatched by default scheduler. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulerName")] - pub scheduler_name: Option, - /// Allows Pods to be scheduled onto nodes with matching taints. - /// Each toleration in the array allows the Pod to tolerate node taints based on - /// specified `key`, `value`, `effect`, and `operator`. + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cinder: Option, + /// configMap represents a configMap that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. /// /// - /// - The `key`, `value`, and `effect` identify the taint that the toleration matches. - /// - The `operator` determines how the toleration matches the taint. + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). /// /// - /// Pods with matching tolerations are allowed to be scheduled on tainted nodes, typically reserved for specific purposes. + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] - pub tolerations: Option>, - /// TopologySpreadConstraints describes how a group of Pods ought to spread across topology - /// domains. Scheduler will schedule Pods in a way which abides by the constraints. - /// All topologySpreadConstraints are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] - pub topology_spread_constraints: Option>, -} - -/// Specifies a group of affinity scheduling rules of the Cluster, including NodeAffinity, PodAffinity, and PodAntiAffinity. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinity { - /// Describes node affinity scheduling rules for the pod. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] - pub node_affinity: Option, - /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] - pub pod_affinity: Option, - /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] - pub pod_anti_affinity: Option, -} - -/// Describes node affinity scheduling rules for the pod. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node matches the corresponding matchExpressions; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to an update), the system - /// may or may not try to eventually evict the pod from its node. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option, -} - -/// An empty preferred scheduling term matches all objects with implicit weight 0 -/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// A node selector term, associated with the corresponding weight. - pub preference: ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, - /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - pub weight: i32, -} - -/// A node selector term, associated with the corresponding weight. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. + pub fc: Option, + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// If the affinity requirements specified by this field are not met at -/// scheduling time, the pod will not be scheduled onto the node. -/// If the affinity requirements specified by this field cease to be met -/// at some point during pod execution (e.g. due to an update), the system -/// may or may not try to eventually evict the pod from its node. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// Required. A list of node selector terms. The terms are ORed. - #[serde(rename = "nodeSelectorTerms")] - pub node_selector_terms: Vec, -} - -/// A null or empty node selector term matches no objects. The requirements of -/// them are ANDed. -/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { - /// A list of node selector requirements by node's labels. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// A list of node selector requirements by node's fields. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] - pub match_fields: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iscsi: Option, + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// A node selector requirement is a selector that contains values, a key, and an operator -/// that relates the key and values. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { - /// The label key that the selector applies to. - pub key: String, - /// Represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - pub operator: String, - /// An array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. If the operator is Gt or Lt, the values - /// array must have a single element, which will be interpreted as an integer. - /// This array is replaced during a strategic merge patch. + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, -} - -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, -} - -/// Required. A pod affinity term, associated with the corresponding weight. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, } -/// A label query over a set of resources, in this case pods. +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } - -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesCephfsSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub name: Option, } -/// A label query over a set of resources, in this case pods. +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesCinder { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesCinderSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub name: Option, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. +pub struct ClusterShardingSpecsTemplateVolumesConfigMapItems { + /// key is the key to project. pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinity { - /// The scheduler will prefer to schedule pods to nodes that satisfy - /// the anti-affinity expressions specified by this field, but it may choose - /// a node that violates one or more of the expressions. The node that is - /// most preferred is the one with the greatest sum of weights, i.e. - /// for each node that meets all of the scheduling requirements (resource - /// request, requiredDuringScheduling anti-affinity expressions, etc.), - /// compute a sum by iterating through the elements of this field and adding - /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - /// node(s) with the highest sum are the most preferred. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] - pub preferred_during_scheduling_ignored_during_execution: Option>, - /// If the anti-affinity requirements specified by this field are not met at - /// scheduling time, the pod will not be scheduled onto the node. - /// If the anti-affinity requirements specified by this field cease to be met - /// at some point during pod execution (e.g. due to a pod label update), the - /// system may or may not try to eventually evict the pod from its node. - /// When there are multiple elements, the lists of nodes corresponding to each - /// podAffinityTerm are intersected, i.e. all terms must be satisfied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] - pub required_during_scheduling_ignored_during_execution: Option>, +pub struct ClusterShardingSpecsTemplateVolumesCsi { + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. + pub driver: String, + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] + pub node_publish_secret_ref: Option, + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] + pub volume_attributes: Option>, } -/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { - /// Required. A pod affinity term, associated with the corresponding weight. - #[serde(rename = "podAffinityTerm")] - pub pod_affinity_term: ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, - /// weight associated with matching the corresponding podAffinityTerm, - /// in the range 1-100. - pub weight: i32, +pub struct ClusterShardingSpecsTemplateVolumesCsiNodePublishSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// Required. A pod affinity term, associated with the corresponding weight. +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterShardingSpecsTemplateVolumesDownwardApi { + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// Items is a list of downward API volume file #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub items: Option>, } -/// A label query over a set of resources, in this case pods. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterShardingSpecsTemplateVolumesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, } -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesEmptyDir { + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub medium: Option, + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, } -/// Defines a set of pods (namely those matching the labelSelector -/// relative to the given namespace(s)) that this pod should be -/// co-located (affinity) or not co-located (anti-affinity) with, -/// where co-located is defined as running on a node whose value of -/// the label with key matches that of any node on which -/// a pod of the set of pods is running +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. - /// The term is applied to the union of the namespaces selected by this field - /// and the ones listed in the namespaces field. - /// null selector and null or empty namespaces list means "this pod's namespace". - /// An empty selector ({}) matches all namespaces. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] - pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. - /// The term is applied to the union of the namespaces listed in this field - /// and the ones selected by namespaceSelector. - /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". +pub struct ClusterShardingSpecsTemplateVolumesEphemeral { + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] + pub volume_claim_template: Option, +} + +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplate { + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespaces: Option>, - /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - /// the labelSelector in the specified namespaces, where co-located is defined as running on a node - /// whose value of the label with key topologyKey matches that of any node on which any of the - /// selected pods is running. - /// Empty topologyKey is not allowed. - #[serde(rename = "topologyKey")] - pub topology_key: String, + pub metadata: Option, + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. + pub spec: ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpec, } -/// A label query over a set of resources, in this case pods. +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateMetadata { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub finalizers: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpec { + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, -} - -/// A label query over the set of namespaces that the term applies to. -/// The term is applied to the union of the namespaces selected by this field -/// and the ones listed in the namespaces field. -/// null selector and null or empty namespaces list means "this pod's namespace". -/// An empty selector ({}) matches all namespaces. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { - /// matchExpressions is a list of label selector requirements. The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - /// map is equivalent to an element of matchExpressions, whose key field is "key", the - /// operator is "In", and the values array contains only "value". The requirements are ANDed. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] - pub match_labels: Option>, + pub resources: Option, + /// selector is a label query over volumes to consider for binding. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// A label selector requirement is a selector that contains values, a key, and an operator that -/// relates the key and values. +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecDataSource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, } -/// The pod this Toleration is attached to tolerates any taint that matches -/// the triple using the matching operator . +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. - /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. - /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. - /// Valid operators are Exists and Equal. Defaults to Equal. - /// Exists is equivalent to wildcard for value, so that a pod can - /// tolerate all taints of a particular category. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be - /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - /// it is not set, which means tolerate the taint forever (do not evict). Zero and - /// negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. - /// If the operator is Exists, the value should be empty, otherwise just a regular string. +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub namespace: Option, } -/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraints { - /// LabelSelector is used to find matching pods. - /// Pods that match this label selector are counted to determine the number of pods - /// in their corresponding topology domain. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] - pub label_selector: Option, - /// MatchLabelKeys is a set of pod label keys to select the pods over which - /// spreading will be calculated. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are ANDed with labelSelector - /// to select the group of existing pods over which spreading will be calculated - /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// MatchLabelKeys cannot be set when LabelSelector isn't set. - /// Keys that don't exist in the incoming pod labels will - /// be ignored. A null or empty list means only match against labelSelector. - /// - /// - /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] - pub match_label_keys: Option>, - /// MaxSkew describes the degree to which pods may be unevenly distributed. - /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - /// between the number of matching pods in the target topology and the global minimum. - /// The global minimum is the minimum number of matching pods in an eligible domain - /// or zero if the number of eligible domains is less than MinDomains. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 2/2/1: - /// In this case, the global minimum is 1. - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P | - /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - /// violate MaxSkew(1). - /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - /// to topologies that satisfy it. - /// It's a required field. Default value is 1 and 0 is not allowed. - #[serde(rename = "maxSkew")] - pub max_skew: i32, - /// MinDomains indicates a minimum number of eligible domains. - /// When the number of eligible domains with matching topology keys is less than minDomains, - /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, - /// this value has no effect on scheduling. - /// As a result, when the number of eligible domains is less than minDomains, - /// scheduler won't schedule more than maxSkew Pods to those domains. - /// If value is nil, the constraint behaves as if MinDomains is equal to 1. - /// Valid values are integers greater than 0. - /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// - /// - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - /// labelSelector spread as 2/2/2: - /// | zone1 | zone2 | zone3 | - /// | P P | P P | P P | - /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - /// In this situation, new pod with the same labelSelector cannot be scheduled, - /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - /// it will violate MaxSkew. - /// - /// - /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] - pub min_domains: Option, - /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - /// when calculating pod topology spread skew. Options are: - /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - /// - /// - /// If this value is nil, the behavior is equivalent to the Honor policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] - pub node_affinity_policy: Option, - /// NodeTaintsPolicy indicates how we will treat node taints when calculating - /// pod topology spread skew. Options are: - /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod - /// has a toleration, are included. - /// - Ignore: node taints are ignored. All nodes are included. - /// - /// - /// If this value is nil, the behavior is equivalent to the Ignore policy. - /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] - pub node_taints_policy: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key - /// and identical values are considered to be in the same topology. - /// We consider each as a "bucket", and try to put balanced number - /// of pods into each bucket. - /// We define a domain as a particular instance of a topology. - /// Also, we define an eligible domain as a domain whose nodes meet the requirements of - /// nodeAffinityPolicy and nodeTaintsPolicy. - /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - /// It's a required field. - #[serde(rename = "topologyKey")] - pub topology_key: String, - /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - /// the spread constraint. - /// - DoNotSchedule (default) tells the scheduler not to schedule it. - /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, - /// but giving higher precedence to topologies that would help reduce the - /// skew. - /// A constraint is considered "Unsatisfiable" for an incoming pod - /// if and only if every possible node assignment for that pod would violate - /// "MaxSkew" on some topology. - /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - /// labelSelector spread as 3/1/1: - /// | zone1 | zone2 | zone3 | - /// | P P P | P | P | - /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - /// won't make it *more* imbalanced. - /// It's a required field. - #[serde(rename = "whenUnsatisfiable")] - pub when_unsatisfiable: String, +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, } -/// LabelSelector is used to find matching pods. -/// Pods that match this label selector are counted to determine the number of pods -/// in their corresponding topology domain. +/// ResourceClaim references one entry in PodSpec.ResourceClaims. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraintsLabelSelector { +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// selector is a label query over volumes to consider for binding. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] - pub match_expressions: Option>, + pub match_expressions: Option>, /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels /// map is equivalent to an element of matchExpressions, whose key field is "key", the /// operator is "In", and the values array contains only "value". The requirements are ANDed. @@ -10029,415 +13067,639 @@ pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraints /// A label selector requirement is a selector that contains values, a key, and an operator that /// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSchedulingPolicyTopologySpreadConstraintsLabelSelectorMatchExpressions { - /// key is the label key that the selector applies to. - pub key: String, - /// operator represents a key's relationship to a set of values. - /// Valid operators are In, NotIn, Exists and DoesNotExist. - pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, - /// the values array must be non-empty. If the operator is Exists or DoesNotExist, - /// the values array must be empty. This array is replaced during a strategic - /// merge patch. +pub struct ClusterShardingSpecsTemplateVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesFc { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// lun is Optional: FC target lun number + #[serde(default, skip_serializing_if = "Option::is_none")] + pub lun: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// targetWWNs is Optional: FC target worldwide names (WWNs) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] + pub target_ww_ns: Option>, + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wwids: Option>, +} + +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesFlexVolume { + /// driver is the name of the driver to use for this volume. + pub driver: String, + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// options is Optional: this field holds extra command options if any. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesFlexVolumeSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesFlocker { + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] + pub dataset_name: Option, + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] + pub dataset_uuid: Option, +} + +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesGcePersistentDisk { + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(rename = "pdName")] + pub pd_name: String, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesGitRepo { + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub directory: Option, + /// repository is the URL + pub repository: String, + /// revision is the commit hash for the specified revision. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub revision: Option, +} + +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesGlusterfs { + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub endpoints: String, + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub path: String, + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesHostPath { + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + pub path: String, + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesIscsi { + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] + pub chap_auth_discovery: Option, + /// chapAuthSession defines whether support iSCSI Session CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] + pub chap_auth_session: Option, + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] + pub initiator_name: Option, + /// iqn is the target iSCSI Qualified Name. + pub iqn: String, + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] + pub iscsi_interface: Option, + /// lun represents iSCSI Target Lun number. + pub lun: i32, + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub portals: Option>, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(rename = "targetPortal")] + pub target_portal: String, +} + +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesIscsiSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub values: Option>, + pub name: Option, } +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateServiceRefs { - /// Specifies the name of the KubeBlocks Cluster being referenced. - /// This is used when services from another KubeBlocks Cluster are consumed. - /// - /// - /// By default, the referenced KubeBlocks Cluster's `clusterDefinition.spec.connectionCredential` - /// will be utilized to bind to the current Component. This credential should include: - /// `endpoint`, `port`, `username`, and `password`. - /// - /// - /// Note: - /// - /// - /// - The `ServiceKind` and `ServiceVersion` specified in the service reference within the - /// ClusterDefinition are not validated when using this approach. - /// - If both `cluster` and `serviceDescriptor` are present, `cluster` will take precedence. - /// - /// - /// Deprecated since v0.9 since `clusterDefinition.spec.connectionCredential` is deprecated, - /// use `clusterServiceSelector` instead. - /// This field is maintained for backward compatibility and its use is discouraged. - /// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// References a service provided by another KubeBlocks Cluster. - /// It specifies the ClusterService and the account credentials needed for access. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterServiceSelector")] - pub cluster_service_selector: Option, - /// Specifies the identifier of the service reference declaration. - /// It corresponds to the serviceRefDeclaration name defined in either: - /// - /// - /// - `componentDefinition.spec.serviceRefDeclarations[*].name` - /// - `clusterDefinition.spec.componentDefs[*].serviceRefDeclarations[*].name` (deprecated) - pub name: String, - /// Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. - /// If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current - /// Cluster by default. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, - /// Specifies the name of the ServiceDescriptor object that describes a service provided by external sources. - /// - /// - /// When referencing a service provided by external sources, a ServiceDescriptor object is required to establish - /// the service binding. - /// The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind - /// and serviceVersion declared in the definition. - /// - /// - /// If both `cluster` and `serviceDescriptor` are specified, the `cluster` takes precedence. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceDescriptor")] - pub service_descriptor: Option, +pub struct ClusterShardingSpecsTemplateVolumesNfs { + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub path: String, + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub server: String, } -/// References a service provided by another KubeBlocks Cluster. -/// It specifies the ClusterService and the account credentials needed for access. +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelector { - /// The name of the Cluster being referenced. - pub cluster: String, - /// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. - /// The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` - /// of the Component providing the service in the referenced Cluster. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub credential: Option, - /// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub service: Option, +pub struct ClusterShardingSpecsTemplateVolumesPersistentVolumeClaim { + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(rename = "claimName")] + pub claim_name: String, + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, } -/// Specifies the SystemAccount to authenticate and establish a connection with the referenced Cluster. -/// The SystemAccount should be defined in `componentDefinition.spec.systemAccounts` -/// of the Component providing the service in the referenced Cluster. +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelectorCredential { - /// The name of the Component where the credential resides in. - pub component: String, - /// The name of the credential (SystemAccount) to reference. - pub name: String, +pub struct ClusterShardingSpecsTemplateVolumesPhotonPersistentDisk { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// pdID is the ID that identifies Photon Controller persistent disk + #[serde(rename = "pdID")] + pub pd_id: String, } -/// Identifies a ClusterService from the list of Services defined in `cluster.spec.services` of the referenced Cluster. +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateServiceRefsClusterServiceSelectorService { - /// The name of the Component where the Service resides in. - /// - /// - /// It is required when referencing a Component's Service. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub component: Option, - /// The port name of the Service to be referenced. - /// - /// - /// If there is a non-zero node-port exist for the matched Service port, the node-port will be selected first. - /// - /// - /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, - /// and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2... - #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, - /// The name of the Service to be referenced. - /// - /// - /// Leave it empty to reference the default Service. Set it to "headless" to reference the default headless Service. - /// - /// - /// If the referenced Service is of pod-service type (a Service per Pod), there will be multiple Service objects matched, - /// and the resolved value will be presented in the following format: service1.name,service2.name... - pub service: String, +pub struct ClusterShardingSpecsTemplateVolumesPortworxVolume { + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID uniquely identifies a Portworx volume + #[serde(rename = "volumeID")] + pub volume_id: String, } +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateServices { - /// If ServiceType is LoadBalancer, cloud provider related parameters can be put here. - /// More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. +pub struct ClusterShardingSpecsTemplateVolumesProjected { + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// References the ComponentService name defined in the `componentDefinition.spec.services[*].name`. - pub name: String, - /// Indicates whether to generate individual Services for each Pod. - /// If set to true, a separate Service will be created for each Pod in the Cluster. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "podService")] - pub pod_service: Option, - /// Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. - /// - /// - /// - `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints. - /// Endpoints are determined by the selector or if that is not specified, - /// they are determined by manual construction of an Endpoints object or EndpointSlice objects. - /// - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP. - /// - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) - /// which routes to the same endpoints as the ClusterIP. - /// - /// - /// Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService. - /// - /// - /// For more info, see: - /// https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceType")] - pub service_type: Option, + pub sources: Option>, } -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateServicesServiceType { - #[serde(rename = "ClusterIP")] - ClusterIp, - NodePort, - LoadBalancer, +/// Projection that may be projected along with other supported volume types +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesProjectedSources { + /// configMap information about the configMap data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// downwardAPI information about the downwardAPI data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// secret information about the secret data to project + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// serviceAccountToken is information about the serviceAccountToken data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, } -/// Defines the strategy for switchover and failover when workloadType is Replication. -/// -/// -/// Deprecated since v0.9. -/// This field is maintained for backward compatibility and its use is discouraged. -/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSwitchPolicy { - /// Type specifies the type of switch policy to be applied. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesConfigMap { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, } -/// Defines the strategy for switchover and failover when workloadType is Replication. -/// -/// -/// Deprecated since v0.9. -/// This field is maintained for backward compatibility and its use is discouraged. -/// Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateSwitchPolicyType { - Noop, +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSystemAccounts { - /// The name of the system account. - pub name: String, - /// Specifies the policy for generating the account's password. - /// - /// - /// This field is immutable once set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordConfig")] - pub password_config: Option, - /// Refers to the secret from which data will be copied to create the new account. - /// - /// - /// This field is immutable once set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] - pub secret_ref: Option, +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesDownwardApi { + /// Items is a list of DownwardAPIVolume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, } -/// Specifies the policy for generating the account's password. -/// -/// -/// This field is immutable once set. +/// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSystemAccountsPasswordConfig { - /// The length of the password. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub length: Option, - /// The case of the letters in the password. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "letterCase")] - pub letter_case: Option, - /// The number of digits in the password. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "numDigits")] - pub num_digits: Option, - /// The number of symbols in the password. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "numSymbols")] - pub num_symbols: Option, - /// Seed to generate the account's password. - /// Cannot be updated. +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub seed: Option, + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, } -/// Specifies the policy for generating the account's password. -/// -/// -/// This field is immutable once set. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateSystemAccountsPasswordConfigLetterCase { - LowerCases, - UpperCases, - MixedCases, +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, } -/// Refers to the secret from which data will be copied to create the new account. -/// -/// -/// This field is immutable once set. +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateSystemAccountsSecretRef { - /// The unique identifier of the secret. - pub name: String, - /// The namespace where the secret is located. - pub namespace: String, +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, } -/// The pod this Toleration is attached to tolerates any taint that matches -/// the triple using the matching operator . +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateTolerations { - /// Effect indicates the taint effect to match. Empty means match all taint effects. - /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesSecret { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub effect: Option, - /// Key is the taint key that the toleration applies to. Empty means match all taint keys. - /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub key: Option, - /// Operator represents a key's relationship to the value. - /// Valid operators are Exists and Equal. Defaults to Equal. - /// Exists is equivalent to wildcard for value, so that a pod can - /// tolerate all taints of a particular category. + pub name: Option, + /// optional field specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] - pub operator: Option, - /// TolerationSeconds represents the period of time the toleration (which must be - /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - /// it is not set, which means tolerate the taint forever (do not evict). Zero and - /// negative values will be treated as 0 (evict immediately) by the system. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] - pub toleration_seconds: Option, - /// Value is the taint value the toleration matches to. - /// If the operator is Exists, the value should be empty, otherwise just a regular string. + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, } -/// The template for generating Components for shards, where each shard consists of one Component. -/// This field is of type ClusterComponentSpec, which encapsulates all the required details and -/// definitions for creating and managing the Components. -/// KubeBlocks uses this template to generate a set of identical Components or shards. -/// All the generated Components will have the same specifications and definitions as specified in the `template` field. -/// -/// -/// This allows for the creation of multiple Components with consistent configurations, -/// enabling sharding and distribution of workloads across Components. -#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] -pub enum ClusterShardingSpecsTemplateUpdateStrategy { - Serial, - BestEffortParallel, - Parallel, +/// serviceAccountToken is information about the serviceAccountToken data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterShardingSpecsTemplateVolumesProjectedSourcesServiceAccountToken { + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audience: Option, + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + /// path is the path relative to the mount point of the file to project the + /// token into. + pub path: String, } -/// Allows users to specify custom ConfigMaps and Secrets to be mounted as volumes -/// in the Cluster's Pods. -/// This is useful in scenarios where users need to provide additional resources to the Cluster, such as: -/// -/// -/// - Mounting custom scripts or configuration files during Cluster startup. -/// - Mounting Secrets as volumes to provide sensitive information, like S3 AK/SK, to the Cluster. +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefs { - /// ConfigMapRefs defines the user-defined ConfigMaps. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRefs")] - pub config_map_refs: Option>, - /// SecretRefs defines the user-defined Secrets. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRefs")] - pub secret_refs: Option>, +pub struct ClusterShardingSpecsTemplateVolumesQuobyte { + /// group to map volume access to + /// Default is no group + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes + pub registry: String, + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenant: Option, + /// user to map volume access to + /// Defaults to serivceaccount user + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, + /// volume is a string that references an already created Quobyte volume by name. + pub volume: String, } -/// ConfigMapRef defines a reference to a ConfigMap. +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefs { - /// AsVolumeFrom lists the names of containers in which the volume should be mounted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] - pub as_volume_from: Option>, - /// ConfigMap specifies the ConfigMap to be mounted as a volume. - #[serde(rename = "configMap")] - pub config_map: ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMap, - /// MountPoint is the filesystem path where the volume will be mounted. - #[serde(rename = "mountPoint")] - pub mount_point: String, - /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. - pub name: String, - /// SubPath specifies a path within the volume from which to mount. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, +pub struct ClusterShardingSpecsTemplateVolumesRbd { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub image: String, + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub keyring: Option, + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub monitors: Vec, + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pool: Option, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, } -/// ConfigMap specifies the ConfigMap to be mounted as a volume. +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMap { - /// defaultMode is optional: mode bits used to set permissions on created files by default. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// Defaults to 0644. - /// Directories within the path are not affected by this setting. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] - pub default_mode: Option, - /// items if unspecified, each key-value pair in the Data field of the referenced - /// ConfigMap will be projected into the volume as a file whose name is the - /// key and content is the value. If specified, the listed keys will be - /// projected into the specified paths, and unlisted keys will not be - /// present. If a key is specified which is not present in the ConfigMap, - /// the volume setup will error unless it is marked optional. Paths must be - /// relative and may not contain the '..' path or start with '..'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, +pub struct ClusterShardingSpecsTemplateVolumesRbdSecretRef { /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// optional specify whether the ConfigMap or its keys must be defined - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, } -/// Maps a string key to a path within a volume. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsConfigMapRefsConfigMapItems { - /// key is the key to project. - pub key: String, - /// mode is Optional: mode bits used to set permissions on this file. - /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - /// If not specified, the volume defaultMode will be used. - /// This might be in conflict with other options that affect the file - /// mode, like fsGroup, and the result can be other mode bits set. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, - /// path is the relative path of the file to map the key to. - /// May not be an absolute path. - /// May not contain the path element '..'. - /// May not start with the string '..'. - pub path: String, +pub struct ClusterShardingSpecsTemplateVolumesScaleIo { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// gateway is the host address of the ScaleIO API Gateway. + pub gateway: String, + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] + pub protection_domain: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. + #[serde(rename = "secretRef")] + pub secret_ref: ClusterShardingSpecsTemplateVolumesScaleIoSecretRef, + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] + pub ssl_enabled: Option, + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] + pub storage_mode: Option, + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] + pub storage_pool: Option, + /// system is the name of the storage system as configured in ScaleIO. + pub system: String, + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, } -/// SecretRef defines a reference to a Secret. +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefs { - /// AsVolumeFrom lists the names of containers in which the volume should be mounted. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "asVolumeFrom")] - pub as_volume_from: Option>, - /// MountPoint is the filesystem path where the volume will be mounted. - #[serde(rename = "mountPoint")] - pub mount_point: String, - /// Name is the name of the referenced ConfigMap or Secret object. It must conform to DNS label standards. - pub name: String, - /// Secret specifies the Secret to be mounted as a volume. - pub secret: ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret, - /// SubPath specifies a path within the volume from which to mount. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] - pub sub_path: Option, +pub struct ClusterShardingSpecsTemplateVolumesScaleIoSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } -/// Secret specifies the Secret to be mounted as a volume. +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret { +pub struct ClusterShardingSpecsTemplateVolumesSecret { /// defaultMode is Optional: mode bits used to set permissions on created files by default. /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. /// YAML accepts both octal and decimal values, JSON requires decimal values @@ -10455,7 +13717,7 @@ pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret { /// the volume setup will error unless it is marked optional. Paths must be /// relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] - pub items: Option>, + pub items: Option>, /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, @@ -10467,7 +13729,7 @@ pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecretItems { +pub struct ClusterShardingSpecsTemplateVolumesSecretItems { /// key is the key to project. pub key: String, /// mode is Optional: mode bits used to set permissions on this file. @@ -10485,90 +13747,64 @@ pub struct ClusterShardingSpecsTemplateUserResourceRefsSecretRefsSecretItems { pub path: String, } +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateVolumeClaimTemplates { - /// Refers to the name of a volumeMount defined in either: - /// - /// - /// - `componentDefinition.spec.runtime.containers[*].volumeMounts` - /// - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) - /// - /// - /// The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. - pub name: String, - /// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume - /// with the mount name specified in the `name` field. - /// - /// - /// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification - /// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub spec: Option, -} - -/// Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume -/// with the mount name specified in the `name` field. -/// -/// -/// When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification -/// defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpec { - /// Contains the desired access modes the volume should have. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] - pub access_modes: Option>, - /// Represents the minimum resources the volume should have. - /// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that - /// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub resources: Option, - /// The name of the StorageClass required by the claim. - /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] - pub storage_class_name: Option, - /// Defines what type of volume is required by the claim, either Block or Filesystem. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] - pub volume_mode: Option, +pub struct ClusterShardingSpecsTemplateVolumesStorageos { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] + pub volume_namespace: Option, } -/// Represents the minimum resources the volume should have. -/// If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that -/// are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. -/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpecResources { - /// Claims lists the names of resources, defined in spec.resourceClaims, - /// that are used by this container. - /// - /// - /// This is an alpha field and requires enabling the - /// DynamicResourceAllocation feature gate. - /// - /// - /// This field is immutable. It can only be set for containers. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub claims: Option>, - /// Limits describes the maximum amount of compute resources allowed. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - #[serde(default, skip_serializing_if = "Option::is_none")] - pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. - /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - /// otherwise to an implementation-defined value. Requests cannot exceed Limits. - /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +pub struct ClusterShardingSpecsTemplateVolumesStorageosSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] - pub requests: Option>, + pub name: Option, } -/// ResourceClaim references one entry in PodSpec.ResourceClaims. +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterShardingSpecsTemplateVolumeClaimTemplatesSpecResourcesClaims { - /// Name must match the name of one entry in pod.spec.resourceClaims of - /// the Pod where this field is used. It makes that resource available - /// inside a container. - pub name: String, +pub struct ClusterShardingSpecsTemplateVolumesVsphereVolume { + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] + pub storage_policy_id: Option, + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] + pub storage_policy_name: Option, + /// volumePath is the path that identifies vSphere volume vmdk + #[serde(rename = "volumePath")] + pub volume_path: String, } /// Specifies the storage of the first componentSpec, if the storage of the first componentSpec is specified, diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs index 427478110..80f6cc85f 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs @@ -142,6 +142,15 @@ pub struct ComponentDefinitionSpec { /// monitor is monitoring config which provided by provider. #[serde(default, skip_serializing_if = "Option::is_none")] pub monitor: Option, + /// InstanceSet controls the creation of pods during initial scale up, replacement of pods on nodes, and scaling down. + /// + /// + /// - `OrderedReady`: Creates pods in increasing order (pod-0, then pod-1, etc). The controller waits until each pod + /// is ready before continuing. Pods are removed in reverse order when scaling down. + /// - `Parallel`: Creates pods in parallel to match the desired scale without waiting. All pods are deleted at once + /// when scaling down. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podManagementPolicy")] + pub pod_management_policy: Option, /// Defines the namespaced policy rules required by the Component. /// /// @@ -13233,8 +13242,7 @@ pub struct ComponentDefinitionServicesSpecSessionAffinityConfigClientIp { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionSystemAccounts { - /// Indicates if this account is the unique system initialization account (e.g., MySQL root). - /// Only one system initialization account is permitted. + /// Indicates if this account is a system initialization account (e.g., MySQL root). /// /// /// This field is immutable once set. diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs index c5a4a5a15..bc5d8b834 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/components.rs @@ -28,9 +28,13 @@ pub struct ComponentSpec { /// Deprecated since v0.10, replaced by the `schedulingPolicy` field. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, + /// Specifies Annotations to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, /// Specifies the name of the referenced ComponentDefinition. #[serde(rename = "compDef")] pub comp_def: String, + /// Specifies the configuration content of a config template. #[serde(default, skip_serializing_if = "Option::is_none")] pub configs: Option>, /// Determines whether metrics exporter information is annotated on the Component's headless Service. @@ -62,6 +66,9 @@ pub struct ComponentSpec { /// ``` #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledLogs")] pub enabled_logs: Option>, + /// List of environment variables to add. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, /// Allows for the customization of configuration values for each instance within a Component. /// An Instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). /// While instances typically share a common configuration as defined in the ClusterComponentSpec, @@ -85,6 +92,9 @@ pub struct ComponentSpec { /// Any remaining replicas will be generated using the default template and will follow the default naming rules. #[serde(default, skip_serializing_if = "Option::is_none")] pub instances: Option>, + /// Specifies Labels to override or add for underlying Pods. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, /// Specifies the names of instances to be transitioned to offline status. /// /// @@ -206,6 +216,9 @@ pub struct ComponentSpec { /// These templates are used to dynamically provision persistent volumes for the Component. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplates")] pub volume_claim_templates: Option>, + /// List of volumes to override. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub volumes: Option>, } /// Specifies a group of affinity scheduling rules for the Component. @@ -371,6 +384,102 @@ pub struct ComponentConfigsConfigMapItems { pub path: String, } +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// InstanceTemplate allows customization of individual replica configurations in a Component. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentInstances { @@ -4610,6 +4719,1514 @@ pub struct ComponentVolumeClaimTemplatesSpecResourcesClaims { pub name: String, } +/// Volume represents a named volume in a pod that may be accessed by any container in the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumes { + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] + pub aws_elastic_block_store: Option, + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] + pub azure_disk: Option, + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] + pub azure_file: Option, + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cephfs: Option, + /// cinder represents a cinder volume attached and mounted on kubelets host machine. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cinder: Option, + /// configMap represents a configMap that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub csi: Option, + /// downwardAPI represents downward API about the pod that should populate this volume + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// emptyDir represents a temporary directory that shares a pod's lifetime. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// ephemeral represents a volume that is handled by a cluster storage driver. + /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + /// and deleted when the pod is removed. + /// + /// + /// Use this if: + /// a) the volume is only needed while the pod runs, + /// b) features of normal volumes like restoring from snapshot or capacity + /// tracking are needed, + /// c) the storage driver is specified through a storage class, and + /// d) the storage driver supports dynamic volume provisioning through + /// a PersistentVolumeClaim (see EphemeralVolumeSource for more + /// information on the connection between this volume type + /// and PersistentVolumeClaim). + /// + /// + /// Use PersistentVolumeClaim or one of the vendor-specific + /// APIs for volumes that persist for longer than the lifecycle + /// of an individual pod. + /// + /// + /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + /// be used that way - see the documentation of the driver for + /// more information. + /// + /// + /// A pod can use both types of ephemeral volumes and + /// persistent volumes at the same time. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ephemeral: Option, + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fc: Option, + /// flexVolume represents a generic volume resource that is + /// provisioned/attached using an exec based plugin. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] + pub flex_volume: Option, + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + #[serde(default, skip_serializing_if = "Option::is_none")] + pub flocker: Option, + /// gcePersistentDisk represents a GCE Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] + pub gce_persistent_disk: Option, + /// gitRepo represents a git repository at a particular revision. + /// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + /// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + /// into the Pod's container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] + pub git_repo: Option, + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub glusterfs: Option, + /// hostPath represents a pre-existing file or directory on the host + /// machine that is directly exposed to the container. This is generally + /// used for system agents or other privileged things that are allowed + /// to see the host machine. Most containers will NOT need this. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// --- + /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + /// mount host directories as read/write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] + pub host_path: Option, + /// iscsi represents an ISCSI Disk resource that is attached to a + /// kubelet's host machine and then exposed to the pod. + /// More info: https://examples.k8s.io/volumes/iscsi/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iscsi: Option, + /// name of the volume. + /// Must be a DNS_LABEL and unique within the pod. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + pub name: String, + /// nfs represents an NFS mount on the host that shares a pod's lifetime + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nfs: Option, + /// persistentVolumeClaimVolumeSource represents a reference to a + /// PersistentVolumeClaim in the same namespace. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] + pub persistent_volume_claim: Option, + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] + pub photon_persistent_disk: Option, + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] + pub portworx_volume: Option, + /// projected items for all in one resources secrets, configmaps, and downward API + #[serde(default, skip_serializing_if = "Option::is_none")] + pub projected: Option, + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime + #[serde(default, skip_serializing_if = "Option::is_none")] + pub quobyte: Option, + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + /// More info: https://examples.k8s.io/volumes/rbd/README.md + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rbd: Option, + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] + pub scale_io: Option, + /// secret represents a secret that should populate this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub storageos: Option, + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] + pub vsphere_volume: Option, +} + +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesAwsElasticBlockStore { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// readOnly value true will force the readOnly setting in VolumeMounts. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesAzureDisk { + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] + pub caching_mode: Option, + /// diskName is the Name of the data disk in the blob storage + #[serde(rename = "diskName")] + pub disk_name: String, + /// diskURI is the URI of data disk in the blob storage + #[serde(rename = "diskURI")] + pub disk_uri: String, + /// fsType is Filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesAzureFile { + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretName is the name of secret that contains Azure Storage Account Name and Key + #[serde(rename = "secretName")] + pub secret_name: String, + /// shareName is the azure share Name + #[serde(rename = "shareName")] + pub share_name: String, +} + +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCephfs { + /// monitors is Required: Monitors is a collection of Ceph monitors + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + pub monitors: Vec, + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] + pub secret_file: Option, + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is optional: User is the rados user name, default is admin + /// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +/// More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCephfsSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// cinder represents a cinder volume attached and mounted on kubelets host machine. +/// More info: https://examples.k8s.io/mysql-cinder-pd/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCinder { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is optional: points to a secret object containing parameters used to connect + /// to OpenStack. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeID used to identify the volume in cinder. + /// More info: https://examples.k8s.io/mysql-cinder-pd/README.md + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// secretRef is optional: points to a secret object containing parameters used to connect +/// to OpenStack. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCinderSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// configMap represents a configMap that should populate this volume +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesConfigMap { + /// defaultMode is optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCsi { + /// driver is the name of the CSI driver that handles this volume. + /// Consult with your admin for the correct name as registered in the cluster. + pub driver: String, + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". + /// If not provided, the empty value is passed to the associated CSI driver + /// which will determine the default filesystem to apply. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// nodePublishSecretRef is a reference to the secret object containing + /// sensitive information to pass to the CSI driver to complete the CSI + /// NodePublishVolume and NodeUnpublishVolume calls. + /// This field is optional, and may be empty if no secret is required. If the + /// secret object contains more than one secret, all secret references are passed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] + pub node_publish_secret_ref: Option, + /// readOnly specifies a read-only configuration for the volume. + /// Defaults to false (read/write). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeAttributes stores driver-specific properties that are passed to the CSI + /// driver. Consult your driver's documentation for supported values. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] + pub volume_attributes: Option>, +} + +/// nodePublishSecretRef is a reference to the secret object containing +/// sensitive information to pass to the CSI driver to complete the CSI +/// NodePublishVolume and NodeUnpublishVolume calls. +/// This field is optional, and may be empty if no secret is required. If the +/// secret object contains more than one secret, all secret references are passed. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesCsiNodePublishSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// downwardAPI represents downward API about the pod that should populate this volume +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesDownwardApi { + /// Optional: mode bits to use on created files by default. Must be a + /// Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// Items is a list of downward API volume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, +} + +/// DownwardAPIVolumeFile represents information to create the file containing the pod field +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, +} + +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// emptyDir represents a temporary directory that shares a pod's lifetime. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEmptyDir { + /// medium represents what type of storage medium should back this directory. + /// The default is "" which means to use the node's default medium. + /// Must be an empty string (default) or Memory. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none")] + pub medium: Option, + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. + /// The size limit is also applicable for memory medium. + /// The maximum usage on memory medium EmptyDir would be the minimum value between + /// the SizeLimit specified here and the sum of memory limits of all containers in a pod. + /// The default is nil which means that the limit is undefined. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] + pub size_limit: Option, +} + +/// ephemeral represents a volume that is handled by a cluster storage driver. +/// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +/// and deleted when the pod is removed. +/// +/// +/// Use this if: +/// a) the volume is only needed while the pod runs, +/// b) features of normal volumes like restoring from snapshot or capacity +/// tracking are needed, +/// c) the storage driver is specified through a storage class, and +/// d) the storage driver supports dynamic volume provisioning through +/// a PersistentVolumeClaim (see EphemeralVolumeSource for more +/// information on the connection between this volume type +/// and PersistentVolumeClaim). +/// +/// +/// Use PersistentVolumeClaim or one of the vendor-specific +/// APIs for volumes that persist for longer than the lifecycle +/// of an individual pod. +/// +/// +/// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +/// be used that way - see the documentation of the driver for +/// more information. +/// +/// +/// A pod can use both types of ephemeral volumes and +/// persistent volumes at the same time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeral { + /// Will be used to create a stand-alone PVC to provision the volume. + /// The pod in which this EphemeralVolumeSource is embedded will be the + /// owner of the PVC, i.e. the PVC will be deleted together with the + /// pod. The name of the PVC will be `-` where + /// `` is the name from the `PodSpec.Volumes` array + /// entry. Pod validation will reject the pod if the concatenated name + /// is not valid for a PVC (for example, too long). + /// + /// + /// An existing PVC with that name that is not owned by the pod + /// will *not* be used for the pod to avoid using an unrelated + /// volume by mistake. Starting the pod is then blocked until + /// the unrelated PVC is removed. If such a pre-created PVC is + /// meant to be used by the pod, the PVC has to updated with an + /// owner reference to the pod once the pod exists. Normally + /// this should not be necessary, but it may be useful when + /// manually reconstructing a broken cluster. + /// + /// + /// This field is read-only and no changes will be made by Kubernetes + /// to the PVC after it has been created. + /// + /// + /// Required, must not be nil. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] + pub volume_claim_template: Option, +} + +/// Will be used to create a stand-alone PVC to provision the volume. +/// The pod in which this EphemeralVolumeSource is embedded will be the +/// owner of the PVC, i.e. the PVC will be deleted together with the +/// pod. The name of the PVC will be `-` where +/// `` is the name from the `PodSpec.Volumes` array +/// entry. Pod validation will reject the pod if the concatenated name +/// is not valid for a PVC (for example, too long). +/// +/// +/// An existing PVC with that name that is not owned by the pod +/// will *not* be used for the pod to avoid using an unrelated +/// volume by mistake. Starting the pod is then blocked until +/// the unrelated PVC is removed. If such a pre-created PVC is +/// meant to be used by the pod, the PVC has to updated with an +/// owner reference to the pod once the pod exists. Normally +/// this should not be necessary, but it may be useful when +/// manually reconstructing a broken cluster. +/// +/// +/// This field is read-only and no changes will be made by Kubernetes +/// to the PVC after it has been created. +/// +/// +/// Required, must not be nil. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplate { + /// May contain labels and annotations that will be copied into the PVC + /// when creating it. No other fields are allowed and will be rejected during + /// validation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option, + /// The specification for the PersistentVolumeClaim. The entire content is + /// copied unchanged into the PVC that gets created from this + /// template. The same fields as in a PersistentVolumeClaim + /// are also valid here. + pub spec: ComponentVolumesEphemeralVolumeClaimTemplateSpec, +} + +/// May contain labels and annotations that will be copied into the PVC +/// when creating it. No other fields are allowed and will be rejected during +/// validation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateMetadata { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub finalizers: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// The specification for the PersistentVolumeClaim. The entire content is +/// copied unchanged into the PVC that gets created from this +/// template. The same fields as in a PersistentVolumeClaim +/// are also valid here. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpec { + /// accessModes contains the desired access modes the volume should have. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] + pub access_modes: Option>, + /// dataSource field can be used to specify either: + /// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + /// * An existing PVC (PersistentVolumeClaim) + /// If the provisioner or an external controller can support the specified data source, + /// it will create a new volume based on the contents of the specified data source. + /// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + /// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + /// If the namespace is specified, then dataSourceRef will not be copied to dataSource. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] + pub data_source: Option, + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + /// volume is desired. This may be any object from a non-empty API group (non + /// core object) or a PersistentVolumeClaim object. + /// When this field is specified, volume binding will only succeed if the type of + /// the specified object matches some installed volume populator or dynamic + /// provisioner. + /// This field will replace the functionality of the dataSource field and as such + /// if both fields are non-empty, they must have the same value. For backwards + /// compatibility, when namespace isn't specified in dataSourceRef, + /// both fields (dataSource and dataSourceRef) will be set to the same + /// value automatically if one of them is empty and the other is non-empty. + /// When namespace is specified in dataSourceRef, + /// dataSource isn't set to the same value and must be empty. + /// There are three important differences between dataSource and dataSourceRef: + /// * While dataSource only allows two specific types of objects, dataSourceRef + /// allows any non-core object, as well as PersistentVolumeClaim objects. + /// * While dataSource ignores disallowed values (dropping them), dataSourceRef + /// preserves all values, and generates an error if a disallowed value is + /// specified. + /// * While dataSource only allows local objects, dataSourceRef allows objects + /// in any namespaces. + /// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] + pub data_source_ref: Option, + /// resources represents the minimum resources the volume should have. + /// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + /// that are lower than previous value but must still be higher than capacity recorded in the + /// status field of the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// selector is a label query over volumes to consider for binding. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// storageClassName is the name of the StorageClass required by the claim. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] + pub storage_class_name: Option, + /// volumeMode defines what type of volume is required by the claim. + /// Value of Filesystem is implied when not included in claim spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] + pub volume_mode: Option, + /// volumeName is the binding reference to the PersistentVolume backing this claim. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, +} + +/// dataSource field can be used to specify either: +/// * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +/// * An existing PVC (PersistentVolumeClaim) +/// If the provisioner or an external controller can support the specified data source, +/// it will create a new volume based on the contents of the specified data source. +/// When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +/// and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +/// If the namespace is specified, then dataSourceRef will not be copied to dataSource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecDataSource { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +/// volume is desired. This may be any object from a non-empty API group (non +/// core object) or a PersistentVolumeClaim object. +/// When this field is specified, volume binding will only succeed if the type of +/// the specified object matches some installed volume populator or dynamic +/// provisioner. +/// This field will replace the functionality of the dataSource field and as such +/// if both fields are non-empty, they must have the same value. For backwards +/// compatibility, when namespace isn't specified in dataSourceRef, +/// both fields (dataSource and dataSourceRef) will be set to the same +/// value automatically if one of them is empty and the other is non-empty. +/// When namespace is specified in dataSourceRef, +/// dataSource isn't set to the same value and must be empty. +/// There are three important differences between dataSource and dataSourceRef: +/// * While dataSource only allows two specific types of objects, dataSourceRef +/// allows any non-core object, as well as PersistentVolumeClaim objects. +/// * While dataSource ignores disallowed values (dropping them), dataSourceRef +/// preserves all values, and generates an error if a disallowed value is +/// specified. +/// * While dataSource only allows local objects, dataSourceRef allows objects +/// in any namespaces. +/// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, + /// Namespace is the namespace of resource being referenced + /// Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + /// (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// resources represents the minimum resources the volume should have. +/// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +/// that are lower than previous value but must still be higher than capacity recorded in the +/// status field of the claim. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// selector is a label query over volumes to consider for binding. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesEphemeralVolumeClaimTemplateSpecSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesFc { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// lun is Optional: FC target lun number + #[serde(default, skip_serializing_if = "Option::is_none")] + pub lun: Option, + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// targetWWNs is Optional: FC target worldwide names (WWNs) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] + pub target_ww_ns: Option>, + /// wwids Optional: FC volume world wide identifiers (wwids) + /// Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wwids: Option>, +} + +/// flexVolume represents a generic volume resource that is +/// provisioned/attached using an exec based plugin. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesFlexVolume { + /// driver is the name of the driver to use for this volume. + pub driver: String, + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// options is Optional: this field holds extra command options if any. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub options: Option>, + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is Optional: secretRef is reference to the secret object containing + /// sensitive information to pass to the plugin scripts. This may be + /// empty if no secret object is specified. If the secret object + /// contains more than one secret, all secrets are passed to the plugin + /// scripts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// secretRef is Optional: secretRef is reference to the secret object containing +/// sensitive information to pass to the plugin scripts. This may be +/// empty if no secret object is specified. If the secret object +/// contains more than one secret, all secrets are passed to the plugin +/// scripts. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesFlexVolumeSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesFlocker { + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + /// should be considered as deprecated + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] + pub dataset_name: Option, + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] + pub dataset_uuid: Option, +} + +/// gcePersistentDisk represents a GCE Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesGcePersistentDisk { + /// fsType is filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// partition is the partition in the volume that you want to mount. + /// If omitted, the default is to mount by volume name. + /// Examples: For volume /dev/sda1, you specify the partition as "1". + /// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none")] + pub partition: Option, + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(rename = "pdName")] + pub pd_name: String, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// gitRepo represents a git repository at a particular revision. +/// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +/// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +/// into the Pod's container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesGitRepo { + /// directory is the target directory name. + /// Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + /// git repository. Otherwise, if specified, the volume will contain the git repository in + /// the subdirectory with the given name. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub directory: Option, + /// repository is the URL + pub repository: String, + /// revision is the commit hash for the specified revision. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub revision: Option, +} + +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/glusterfs/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesGlusterfs { + /// endpoints is the endpoint name that details Glusterfs topology. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub endpoints: String, + /// path is the Glusterfs volume path. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + pub path: String, + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// hostPath represents a pre-existing file or directory on the host +/// machine that is directly exposed to the container. This is generally +/// used for system agents or other privileged things that are allowed +/// to see the host machine. Most containers will NOT need this. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +/// --- +/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +/// mount host directories as read/write. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesHostPath { + /// path of the directory on the host. + /// If the path is a symlink, it will follow the link to the real path. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + pub path: String, + /// type for HostPath Volume + /// Defaults to "" + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// iscsi represents an ISCSI Disk resource that is attached to a +/// kubelet's host machine and then exposed to the pod. +/// More info: https://examples.k8s.io/volumes/iscsi/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesIscsi { + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] + pub chap_auth_discovery: Option, + /// chapAuthSession defines whether support iSCSI Session CHAP authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] + pub chap_auth_session: Option, + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// initiatorName is the custom iSCSI Initiator Name. + /// If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + /// : will be created for the connection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] + pub initiator_name: Option, + /// iqn is the target iSCSI Qualified Name. + pub iqn: String, + /// iscsiInterface is the interface Name that uses an iSCSI transport. + /// Defaults to 'default' (tcp). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] + pub iscsi_interface: Option, + /// lun represents iSCSI Target Lun number. + pub lun: i32, + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub portals: Option>, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + /// is other than default (typically TCP ports 860 and 3260). + #[serde(rename = "targetPortal")] + pub target_portal: String, +} + +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesIscsiSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// nfs represents an NFS mount on the host that shares a pod's lifetime +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesNfs { + /// path that is exported by the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub path: String, + /// readOnly here will force the NFS export to be mounted with read-only permissions. + /// Defaults to false. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// server is the hostname or IP address of the NFS server. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + pub server: String, +} + +/// persistentVolumeClaimVolumeSource represents a reference to a +/// PersistentVolumeClaim in the same namespace. +/// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesPersistentVolumeClaim { + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + /// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + #[serde(rename = "claimName")] + pub claim_name: String, + /// readOnly Will force the ReadOnly setting in VolumeMounts. + /// Default false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, +} + +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesPhotonPersistentDisk { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// pdID is the ID that identifies Photon Controller persistent disk + #[serde(rename = "pdID")] + pub pd_id: String, +} + +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesPortworxVolume { + /// fSType represents the filesystem type to mount + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// volumeID uniquely identifies a Portworx volume + #[serde(rename = "volumeID")] + pub volume_id: String, +} + +/// projected items for all in one resources secrets, configmaps, and downward API +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjected { + /// defaultMode are the mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// sources is the list of volume projections + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sources: Option>, +} + +/// Projection that may be projected along with other supported volume types +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSources { + /// configMap information about the configMap data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, + /// downwardAPI information about the downwardAPI data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] + pub downward_api: Option, + /// secret information about the secret data to project + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secret: Option, + /// serviceAccountToken is information about the serviceAccountToken data to project + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] + pub service_account_token: Option, +} + +/// configMap information about the configMap data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesConfigMap { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// ConfigMap will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the ConfigMap, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional specify whether the ConfigMap or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// downwardAPI information about the downwardAPI data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesDownwardApi { + /// Items is a list of DownwardAPIVolume file + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, +} + +/// DownwardAPIVolumeFile represents information to create the file containing the pod field +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesDownwardApiItems { + /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Optional: mode bits used to set permissions on this file, must be an octal value + /// between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + pub path: String, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, +} + +/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesDownwardApiItemsFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// secret information about the secret data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesSecret { + /// items if unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// optional field specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// serviceAccountToken is information about the serviceAccountToken data to project +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesProjectedSourcesServiceAccountToken { + /// audience is the intended audience of the token. A recipient of a token + /// must identify itself with an identifier specified in the audience of the + /// token, and otherwise should reject the token. The audience defaults to the + /// identifier of the apiserver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audience: Option, + /// expirationSeconds is the requested duration of validity of the service + /// account token. As the token approaches expiration, the kubelet volume + /// plugin will proactively rotate the service account token. The kubelet will + /// start trying to rotate the token if the token is older than 80 percent of + /// its time to live or if the token is older than 24 hours.Defaults to 1 hour + /// and must be at least 10 minutes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] + pub expiration_seconds: Option, + /// path is the path relative to the mount point of the file to project the + /// token into. + pub path: String, +} + +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesQuobyte { + /// group to map volume access to + /// Default is no group + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// registry represents a single or multiple Quobyte Registry services + /// specified as a string as host:port pair (multiple entries are separated with commas) + /// which acts as the central registry for volumes + pub registry: String, + /// tenant owning the given Quobyte volume in the Backend + /// Used with dynamically provisioned Quobyte volumes, value is set by the plugin + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tenant: Option, + /// user to map volume access to + /// Defaults to serivceaccount user + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, + /// volume is a string that references an already created Quobyte volume by name. + pub volume: String, +} + +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +/// More info: https://examples.k8s.io/volumes/rbd/README.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesRbd { + /// fsType is the filesystem type of the volume that you want to mount. + /// Tip: Ensure that the filesystem type is supported by the host operating system. + /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + /// TODO: how do we prevent errors in the filesystem from compromising the machine + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// image is the rados image name. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub image: String, + /// keyring is the path to key ring for RBDUser. + /// Default is /etc/ceph/keyring. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub keyring: Option, + /// monitors is a collection of Ceph monitors. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + pub monitors: Vec, + /// pool is the rados pool name. + /// Default is rbd. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub pool: Option, + /// readOnly here will force the ReadOnly setting in VolumeMounts. + /// Defaults to false. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef is name of the authentication secret for RBDUser. If provided + /// overrides keyring. + /// Default is nil. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// user is the rados user name. + /// Default is admin. + /// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// secretRef is name of the authentication secret for RBDUser. If provided +/// overrides keyring. +/// Default is nil. +/// More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesRbdSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesScaleIo { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". + /// Default is "xfs". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// gateway is the host address of the ScaleIO API Gateway. + pub gateway: String, + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] + pub protection_domain: Option, + /// readOnly Defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef references to the secret for ScaleIO user and other + /// sensitive information. If this is not provided, Login operation will fail. + #[serde(rename = "secretRef")] + pub secret_ref: ComponentVolumesScaleIoSecretRef, + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] + pub ssl_enabled: Option, + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + /// Default is ThinProvisioned. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] + pub storage_mode: Option, + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] + pub storage_pool: Option, + /// system is the name of the storage system as configured in ScaleIO. + pub system: String, + /// volumeName is the name of a volume already created in the ScaleIO system + /// that is associated with this volume source. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, +} + +/// secretRef references to the secret for ScaleIO user and other +/// sensitive information. If this is not provided, Login operation will fail. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesScaleIoSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// secret represents a secret that should populate this volume. +/// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesSecret { + /// defaultMode is Optional: mode bits used to set permissions on created files by default. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values + /// for mode bits. Defaults to 0644. + /// Directories within the path are not affected by this setting. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// items If unspecified, each key-value pair in the Data field of the referenced + /// Secret will be projected into the volume as a file whose name is the + /// key and content is the value. If specified, the listed keys will be + /// projected into the specified paths, and unlisted keys will not be + /// present. If a key is specified which is not present in the Secret, + /// the volume setup will error unless it is marked optional. Paths must be + /// relative and may not contain the '..' path or start with '..'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// optional field specify whether the Secret or its keys must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// secretName is the name of the secret in the pod's namespace to use. + /// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesSecretItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. + /// Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + /// YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + /// If not specified, the volume defaultMode will be used. + /// This might be in conflict with other options that affect the file + /// mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. + /// May not be an absolute path. + /// May not contain the path element '..'. + /// May not start with the string '..'. + pub path: String, +} + +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesStorageos { + /// fsType is the filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// readOnly defaults to false (read/write). ReadOnly here will force + /// the ReadOnly setting in VolumeMounts. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] + pub read_only: Option, + /// secretRef specifies the secret to use for obtaining the StorageOS API + /// credentials. If not specified, default values will be attempted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// volumeName is the human-readable name of the StorageOS volume. Volume + /// names are only unique within a namespace. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] + pub volume_name: Option, + /// volumeNamespace specifies the scope of the volume within StorageOS. If no + /// namespace is specified then the Pod's namespace will be used. This allows the + /// Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + /// Set VolumeName to any name to override the default behaviour. + /// Set to "default" if you are not using namespaces within StorageOS. + /// Namespaces that do not pre-exist within StorageOS will be created. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] + pub volume_namespace: Option, +} + +/// secretRef specifies the secret to use for obtaining the StorageOS API +/// credentials. If not specified, default values will be attempted. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesStorageosSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentVolumesVsphereVolume { + /// fsType is filesystem type to mount. + /// Must be a filesystem type supported by the host operating system. + /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] + pub fs_type: Option, + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] + pub storage_policy_id: Option, + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] + pub storage_policy_name: Option, + /// volumePath is the path that identifies vSphere volume vmdk + #[serde(rename = "volumePath")] + pub volume_path: String, +} + /// ComponentStatus represents the observed state of a Component within the Cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentStatus { diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs index 7e848d201..d08c32dad 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs @@ -36,6 +36,9 @@ pub struct CephBlockPoolSpec { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs index 2a02c772b..6ac2a335c 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephfilesystems.rs @@ -61,6 +61,9 @@ pub struct CephFilesystemDataPools { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, @@ -246,6 +249,9 @@ pub struct CephFilesystemMetadataPool { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs index 98e1e6b14..404c3724f 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectstores.rs @@ -75,6 +75,9 @@ pub struct CephObjectStoreDataPool { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, @@ -995,6 +998,9 @@ pub struct CephObjectStoreMetadataPool { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs index bbe60a033..5653f7b45 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephobjectzones.rs @@ -67,6 +67,9 @@ pub struct CephObjectZoneDataPool { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, @@ -249,6 +252,9 @@ pub struct CephObjectZoneMetadataPool { /// The device class the OSD should set to for use in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceClass")] pub device_class: Option, + /// Allow rook operator to change the pool CRUSH tunables once the pool is created + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCrushUpdates")] + pub enable_crush_updates: Option, /// EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableRBDStats")] pub enable_rbd_stats: Option, diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs index a3da02394..918f227a5 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/clusterissuers.rs @@ -1874,6 +1874,11 @@ pub struct ClusterIssuerVaultAuth { /// with the role and secret stored in a Kubernetes Secret resource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appRole")] pub app_role: Option, + /// ClientCertificate authenticates with Vault by presenting a client + /// certificate during the request's TLS handshake. + /// Works only when using HTTPS protocol. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificate")] + pub client_certificate: Option, /// Kubernetes authenticates with Vault by passing the ServiceAccount /// token stored in the named Secret resource to the Vault server. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1918,6 +1923,28 @@ pub struct ClusterIssuerVaultAuthAppRoleSecretRef { pub name: String, } +/// ClientCertificate authenticates with Vault by presenting a client +/// certificate during the request's TLS handshake. +/// Works only when using HTTPS protocol. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterIssuerVaultAuthClientCertificate { + /// The Vault mountPath here is the mount path to use when authenticating with + /// Vault. For example, setting a value to `/v1/auth/foo`, will use the path + /// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + /// default value "/v1/auth/cert" will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + /// Name of the certificate role to authenticate against. + /// If not set, matching any certificate role, if available. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Reference to Kubernetes Secret of type "kubernetes.io/tls" (hence containing + /// tls.crt and tls.key) used to authenticate to Vault using TLS client + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + /// Kubernetes authenticates with Vault by passing the ServiceAccount /// token stored in the named Secret resource to the Vault server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs b/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs index 3c9602c75..710053e3d 100644 --- a/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs +++ b/kube-custom-resources-rs/src/cert_manager_io/v1/issuers.rs @@ -1875,6 +1875,11 @@ pub struct IssuerVaultAuth { /// with the role and secret stored in a Kubernetes Secret resource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "appRole")] pub app_role: Option, + /// ClientCertificate authenticates with Vault by presenting a client + /// certificate during the request's TLS handshake. + /// Works only when using HTTPS protocol. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCertificate")] + pub client_certificate: Option, /// Kubernetes authenticates with Vault by passing the ServiceAccount /// token stored in the named Secret resource to the Vault server. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1919,6 +1924,28 @@ pub struct IssuerVaultAuthAppRoleSecretRef { pub name: String, } +/// ClientCertificate authenticates with Vault by presenting a client +/// certificate during the request's TLS handshake. +/// Works only when using HTTPS protocol. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct IssuerVaultAuthClientCertificate { + /// The Vault mountPath here is the mount path to use when authenticating with + /// Vault. For example, setting a value to `/v1/auth/foo`, will use the path + /// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + /// default value "/v1/auth/cert" will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPath")] + pub mount_path: Option, + /// Name of the certificate role to authenticate against. + /// If not set, matching any certificate role, if available. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Reference to Kubernetes Secret of type "kubernetes.io/tls" (hence containing + /// tls.crt and tls.key) used to authenticate to Vault using TLS client + /// authentication. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] + pub secret_name: Option, +} + /// Kubernetes authenticates with Vault by passing the ServiceAccount /// token stored in the named Secret resource to the Vault server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs index 33ac5f6d7..965d459d9 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs @@ -115,12 +115,31 @@ pub struct ConfigurationError { pub catch: Option>, } -/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +/// Operation defines operation elements. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatch { + /// Apply represents resources that should be applied for this test step. This can include things + /// like configuration settings or any other resources that need to be available during the test. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apply: Option, + /// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub assert: Option, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, /// Command defines a command to run. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option, + /// Create represents a creation operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub create: Option, /// Delete represents a deletion operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub delete: Option, @@ -130,12 +149,22 @@ pub struct ConfigurationErrorCatch { /// Description contains a description of the operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, + /// Error represents the expected errors for this test step. If any of these errors occur, the test + /// will consider them as expected; otherwise, they will be treated as test failures. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, /// Events determines the events collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub events: Option, /// Get determines the resource get collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub get: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Patch represents a patch operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patch: Option, /// PodLogs determines the pod logs collector to execute. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] pub pod_logs: Option, @@ -145,40 +174,65 @@ pub struct ConfigurationErrorCatch { /// Sleep defines zzzz. #[serde(default, skip_serializing_if = "Option::is_none")] pub sleep: Option, + /// Update represents an update operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub update: Option, /// Wait determines the resource wait collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub wait: Option, } -/// Command defines a command to run. +/// Apply represents resources that should be applied for this test step. This can include things +/// like configuration settings or any other resources that need to be available during the test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchCommand { - /// Args is the command arguments. +pub struct ConfigurationErrorCatchApply { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] - pub args: Option>, - /// Bindings defines additional binding key/values. + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, - /// Check is an assertion tree to validate the operation outcome. + pub file: Option, + /// Resource provides a resource to be applied. #[serde(default, skip_serializing_if = "Option::is_none")] - pub check: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + pub resource: Option>, + /// Template determines whether resources should be considered for templating. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, - /// Entrypoint is the command entry point to run. - pub entrypoint: String, - /// Env defines additional environment variables. + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchApplyExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchAssert { + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub env: Option>, - /// Outputs defines output bindings. + pub file: Option, + /// Check provides a check used in assertions. #[serde(default, skip_serializing_if = "Option::is_none")] - pub outputs: Option>, - /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] - pub skip_log_output: Option, + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, @@ -186,7 +240,7 @@ pub struct ConfigurationErrorCatchCommand { /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchCommandBindings { +pub struct ConfigurationErrorCatchBindings { /// Name the name of the binding. pub name: String, /// Value value of the binding. @@ -195,7 +249,7 @@ pub struct ConfigurationErrorCatchCommandBindings { /// Clusters holds a registry to clusters to support multi-cluster tests. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchCommandClusters { +pub struct ConfigurationErrorCatchClusters { /// Context is the name of the context to use. #[serde(default, skip_serializing_if = "Option::is_none")] pub context: Option, @@ -204,6 +258,28 @@ pub struct ConfigurationErrorCatchCommandClusters { pub kubeconfig: Option, } +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchCommandEnv { @@ -213,30 +289,45 @@ pub struct ConfigurationErrorCatchCommandEnv { pub value: serde_json::Value, } -/// Output represents an output binding with a match to determine if the binding must be considered or not. +/// Create represents a creation operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchCommandOutputs { +pub struct ConfigurationErrorCatchCreate { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchCreateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, /// Match defines the matching statement. #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option>, - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, } /// Delete represents a deletion operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchDelete { - /// Bindings defines additional binding key/values. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of /// the object, and how the garbage collector will handle the propagation. /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. @@ -261,26 +352,6 @@ pub struct ConfigurationErrorCatchDelete { pub timeout: Option, } -/// Binding represents a key/value set as a binding in an executing test. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchDeleteBindings { - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, -} - -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchDeleteClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Delete represents a deletion operation. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ConfigurationErrorCatchDeleteDeletionPropagationPolicy { @@ -310,8 +381,8 @@ pub struct ConfigurationErrorCatchDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -322,18 +393,42 @@ pub struct ConfigurationErrorCatchDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchDescribe { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Kind of the referent. /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, @@ -356,26 +451,29 @@ pub struct ConfigurationErrorCatchDescribe { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Error represents the expected errors for this test step. If any of these errors occur, the test +/// will consider them as expected; otherwise, they will be treated as test failures. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchDescribeClusters { - /// Context is the name of the context to use. +pub struct ConfigurationErrorCatchError { + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. + pub file: Option, + /// Check provides a check used in assertions. #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, } /// Events determines the events collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchEvents { - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Format determines the output format (json or yaml). #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -395,29 +493,12 @@ pub struct ConfigurationErrorCatchEvents { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchEventsClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Get determines the resource get collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchGet { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Format determines the output format (json or yaml). #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -440,26 +521,57 @@ pub struct ConfigurationErrorCatchGet { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Output represents an output binding with a match to determine if the binding must be considered or not. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchGetClusters { - /// Context is the name of the context to use. +pub struct ConfigurationErrorCatchOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Patch represents a patch operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchPatch { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ConfigurationErrorCatchPatchExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, } /// PodLogs determines the pod logs collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchPodLogs { - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Container in pod to get logs from else --all-containers is used. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, @@ -484,41 +596,18 @@ pub struct ConfigurationErrorCatchPodLogs { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchPodLogsClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Script defines a script to run. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchScript { - /// Bindings defines additional binding key/values. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, /// Check is an assertion tree to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] pub check: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Content defines a shell script (run with "sh -c ..."). #[serde(default, skip_serializing_if = "Option::is_none")] pub content: Option, /// Env defines additional environment variables. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// Outputs defines output bindings. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub outputs: Option>, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -529,50 +618,54 @@ pub struct ConfigurationErrorCatchScript { /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchScriptBindings { +pub struct ConfigurationErrorCatchScriptEnv { /// Name the name of the binding. pub name: String, /// Value value of the binding. pub value: serde_json::Value, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Sleep defines zzzz. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchScriptClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, +pub struct ConfigurationErrorCatchSleep { + /// Duration is the delay used for sleeping. + pub duration: String, } -/// Binding represents a key/value set as a binding in an executing test. +/// Update represents an update operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchScriptEnv { - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, +pub struct ConfigurationErrorCatchUpdate { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, } -/// Output represents an output binding with a match to determine if the binding must be considered or not. +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchScriptOutputs { +pub struct ConfigurationErrorCatchUpdateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, /// Match defines the matching statement. #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option>, - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, -} - -/// Sleep defines zzzz. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchSleep { - /// Duration is the delay used for sleeping. - pub duration: String, } /// Wait determines the resource wait collector to execute. @@ -581,12 +674,6 @@ pub struct ConfigurationErrorCatchWait { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// WaitFor specifies the condition to wait for. #[serde(rename = "for")] pub r#for: ConfigurationErrorCatchWaitFor, @@ -612,17 +699,6 @@ pub struct ConfigurationErrorCatchWait { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ConfigurationErrorCatchWaitClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// WaitFor specifies the condition to wait for. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ConfigurationErrorCatchWaitFor { diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs index 56bbf8f12..72f152ddd 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/tests.rs @@ -111,12 +111,31 @@ pub struct TestError { pub catch: Option>, } -/// CatchFinally defines actions to be executed in catch, finally and cleanup blocks. +/// Operation defines operation elements. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatch { + /// Apply represents resources that should be applied for this test step. This can include things + /// like configuration settings or any other resources that need to be available during the test. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apply: Option, + /// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub assert: Option, + /// Bindings defines additional binding key/values. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub bindings: Option>, + /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster: Option, + /// Clusters holds a registry to clusters to support multi-cluster tests. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub clusters: Option>, /// Command defines a command to run. #[serde(default, skip_serializing_if = "Option::is_none")] pub command: Option, + /// Create represents a creation operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub create: Option, /// Delete represents a deletion operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub delete: Option, @@ -126,12 +145,22 @@ pub struct TestErrorCatch { /// Description contains a description of the operation. #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, + /// Error represents the expected errors for this test step. If any of these errors occur, the test + /// will consider them as expected; otherwise, they will be treated as test failures. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, /// Events determines the events collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub events: Option, /// Get determines the resource get collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub get: Option, + /// Outputs defines output bindings. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub outputs: Option>, + /// Patch represents a patch operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patch: Option, /// PodLogs determines the pod logs collector to execute. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogs")] pub pod_logs: Option, @@ -141,40 +170,65 @@ pub struct TestErrorCatch { /// Sleep defines zzzz. #[serde(default, skip_serializing_if = "Option::is_none")] pub sleep: Option, + /// Update represents an update operation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub update: Option, /// Wait determines the resource wait collector to execute. #[serde(default, skip_serializing_if = "Option::is_none")] pub wait: Option, } -/// Command defines a command to run. +/// Apply represents resources that should be applied for this test step. This can include things +/// like configuration settings or any other resources that need to be available during the test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchCommand { - /// Args is the command arguments. +pub struct TestErrorCatchApply { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] - pub args: Option>, - /// Bindings defines additional binding key/values. + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, - /// Check is an assertion tree to validate the operation outcome. + pub file: Option, + /// Resource provides a resource to be applied. #[serde(default, skip_serializing_if = "Option::is_none")] - pub check: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). + pub resource: Option>, + /// Template determines whether resources should be considered for templating. #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, - /// Entrypoint is the command entry point to run. - pub entrypoint: String, - /// Env defines additional environment variables. + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchApplyExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, +} + +/// Assert represents an assertion to be made. It checks whether the conditions specified in the assertion hold true. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchAssert { + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub env: Option>, - /// Outputs defines output bindings. + pub file: Option, + /// Check provides a check used in assertions. #[serde(default, skip_serializing_if = "Option::is_none")] - pub outputs: Option>, - /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] - pub skip_log_output: Option, + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, /// Timeout for the operation. Overrides the global timeout set in the Configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub timeout: Option, @@ -182,7 +236,7 @@ pub struct TestErrorCatchCommand { /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchCommandBindings { +pub struct TestErrorCatchBindings { /// Name the name of the binding. pub name: String, /// Value value of the binding. @@ -191,7 +245,7 @@ pub struct TestErrorCatchCommandBindings { /// Clusters holds a registry to clusters to support multi-cluster tests. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchCommandClusters { +pub struct TestErrorCatchClusters { /// Context is the name of the context to use. #[serde(default, skip_serializing_if = "Option::is_none")] pub context: Option, @@ -200,6 +254,28 @@ pub struct TestErrorCatchCommandClusters { pub kubeconfig: Option, } +/// Command defines a command to run. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCommand { + /// Args is the command arguments. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option>, + /// Check is an assertion tree to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub check: Option>, + /// Entrypoint is the command entry point to run. + pub entrypoint: String, + /// Env defines additional environment variables. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] + pub skip_log_output: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchCommandEnv { @@ -209,30 +285,45 @@ pub struct TestErrorCatchCommandEnv { pub value: serde_json::Value, } -/// Output represents an output binding with a match to determine if the binding must be considered or not. +/// Create represents a creation operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchCreate { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchCommandOutputs { +pub struct TestErrorCatchCreateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, /// Match defines the matching statement. #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option>, - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, } /// Delete represents a deletion operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchDelete { - /// Bindings defines additional binding key/values. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// DeletionPropagationPolicy decides if a deletion will propagate to the dependents of /// the object, and how the garbage collector will handle the propagation. /// Overrides the deletion propagation policy set in the Configuration, the Test and the TestStep. @@ -257,26 +348,6 @@ pub struct TestErrorCatchDelete { pub timeout: Option, } -/// Binding represents a key/value set as a binding in an executing test. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchDeleteBindings { - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, -} - -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchDeleteClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Delete represents a deletion operation. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum TestErrorCatchDeleteDeletionPropagationPolicy { @@ -306,8 +377,8 @@ pub struct TestErrorCatchDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -318,18 +389,42 @@ pub struct TestErrorCatchDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchDescribe { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Kind of the referent. /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, @@ -352,26 +447,29 @@ pub struct TestErrorCatchDescribe { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Error represents the expected errors for this test step. If any of these errors occur, the test +/// will consider them as expected; otherwise, they will be treated as test failures. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchDescribeClusters { - /// Context is the name of the context to use. +pub struct TestErrorCatchError { + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. + pub file: Option, + /// Check provides a check used in assertions. #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, } /// Events determines the events collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchEvents { - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Format determines the output format (json or yaml). #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -391,29 +489,12 @@ pub struct TestErrorCatchEvents { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchEventsClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Get determines the resource get collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchGet { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Format determines the output format (json or yaml). #[serde(default, skip_serializing_if = "Option::is_none")] pub format: Option, @@ -436,26 +517,57 @@ pub struct TestErrorCatchGet { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Output represents an output binding with a match to determine if the binding must be considered or not. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchGetClusters { - /// Context is the name of the context to use. +pub struct TestErrorCatchOutputs { + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, + /// Name the name of the binding. + pub name: String, + /// Value value of the binding. + pub value: serde_json::Value, +} + +/// Patch represents a patch operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchPatch { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestErrorCatchPatchExpect { + /// Check defines the verification statement. + pub check: BTreeMap, + /// Match defines the matching statement. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] + pub r#match: Option>, } /// PodLogs determines the pod logs collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchPodLogs { - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Container in pod to get logs from else --all-containers is used. #[serde(default, skip_serializing_if = "Option::is_none")] pub container: Option, @@ -480,41 +592,18 @@ pub struct TestErrorCatchPodLogs { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchPodLogsClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// Script defines a script to run. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchScript { - /// Bindings defines additional binding key/values. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bindings: Option>, /// Check is an assertion tree to validate the operation outcome. #[serde(default, skip_serializing_if = "Option::is_none")] pub check: Option>, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// Content defines a shell script (run with "sh -c ..."). #[serde(default, skip_serializing_if = "Option::is_none")] pub content: Option, /// Env defines additional environment variables. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, - /// Outputs defines output bindings. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub outputs: Option>, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -525,50 +614,54 @@ pub struct TestErrorCatchScript { /// Binding represents a key/value set as a binding in an executing test. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchScriptBindings { +pub struct TestErrorCatchScriptEnv { /// Name the name of the binding. pub name: String, /// Value value of the binding. pub value: serde_json::Value, } -/// Clusters holds a registry to clusters to support multi-cluster tests. +/// Sleep defines zzzz. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchScriptClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, +pub struct TestErrorCatchSleep { + /// Duration is the delay used for sleeping. + pub duration: String, } -/// Binding represents a key/value set as a binding in an executing test. +/// Update represents an update operation. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchScriptEnv { - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, +pub struct TestErrorCatchUpdate { + /// DryRun determines whether the file should be applied in dry run mode. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] + pub dry_run: Option, + /// Expect defines a list of matched checks to validate the operation outcome. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expect: Option>, + /// File is the path to the referenced file. This can be a direct path to a file + /// or an expression that matches multiple files, such as "manifest/*.yaml" for all YAML + /// files within the "manifest" directory. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub file: Option, + /// Resource provides a resource to be applied. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option>, + /// Template determines whether resources should be considered for templating. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, + /// Timeout for the operation. Overrides the global timeout set in the Configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, } -/// Output represents an output binding with a match to determine if the binding must be considered or not. +/// Expectation represents a check to be applied on the result of an operation +/// with a match filter to determine if the verification should be considered. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchScriptOutputs { +pub struct TestErrorCatchUpdateExpect { + /// Check defines the verification statement. + pub check: BTreeMap, /// Match defines the matching statement. #[serde(default, skip_serializing_if = "Option::is_none", rename = "match")] pub r#match: Option>, - /// Name the name of the binding. - pub name: String, - /// Value value of the binding. - pub value: serde_json::Value, -} - -/// Sleep defines zzzz. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchSleep { - /// Duration is the delay used for sleeping. - pub duration: String, } /// Wait determines the resource wait collector to execute. @@ -577,12 +670,6 @@ pub struct TestErrorCatchWait { /// API version of the referent. #[serde(rename = "apiVersion")] pub api_version: String, - /// Cluster defines the target cluster (default cluster will be used if not specified and/or overridden). - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cluster: Option, - /// Clusters holds a registry to clusters to support multi-cluster tests. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub clusters: Option>, /// WaitFor specifies the condition to wait for. #[serde(rename = "for")] pub r#for: TestErrorCatchWaitFor, @@ -608,17 +695,6 @@ pub struct TestErrorCatchWait { pub timeout: Option, } -/// Clusters holds a registry to clusters to support multi-cluster tests. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct TestErrorCatchWaitClusters { - /// Context is the name of the context to use. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub context: Option, - /// Kubeconfig is the path to the referenced file. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubeconfig: Option, -} - /// WaitFor specifies the condition to wait for. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestErrorCatchWaitFor { @@ -1005,8 +1081,8 @@ pub struct TestStepsCatchDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1017,6 +1093,36 @@ pub struct TestStepsCatchDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCatchDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsCatchDescribe { @@ -1597,8 +1703,8 @@ pub struct TestStepsCleanupDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1609,6 +1715,36 @@ pub struct TestStepsCleanupDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsCleanupDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsCleanupDescribe { @@ -2208,8 +2344,8 @@ pub struct TestStepsFinallyDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2220,6 +2356,36 @@ pub struct TestStepsFinallyDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsFinallyDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsFinallyDescribe { @@ -2827,8 +2993,8 @@ pub struct TestStepsTryDeleteRef { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds pub kind: String, /// Label selector to match objects to delete - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, /// Name of the referent. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2839,6 +3005,36 @@ pub struct TestStepsTryDeleteRef { pub namespace: Option, } +/// Label selector to match objects to delete +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteRefLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct TestStepsTryDeleteRefLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// Describe determines the resource describe collector to execute. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TestStepsTryDescribe { diff --git a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumloadbalancerippools.rs b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumloadbalancerippools.rs index 2466afcf9..37a7d00e8 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumloadbalancerippools.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumloadbalancerippools.rs @@ -25,9 +25,6 @@ pub struct CiliumLoadBalancerIPPoolSpec { /// Blocks is a list of CIDRs comprising this IP Pool #[serde(default, skip_serializing_if = "Option::is_none")] pub blocks: Option>, - /// Cidrs is a list of CIDRs comprising this IP Pool Deprecated: please use the `blocks` field instead. This field will be removed in a future release. https://github.com/cilium/cilium/issues/28590 - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cidrs: Option>, /// Disabled, if set to true means that no new IPs will be allocated from this pool. Existing allocations will not be removed from services. #[serde(default, skip_serializing_if = "Option::is_none")] pub disabled: Option, @@ -54,17 +51,6 @@ pub struct CiliumLoadBalancerIPPoolBlocks { pub stop: Option, } -/// CiliumLoadBalancerIPPoolIPBlock describes a single IP block. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct CiliumLoadBalancerIPPoolCidrs { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cidr: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub start: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub stop: Option, -} - /// ServiceSelector selects a set of services which are eligible to receive IPs from this #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumLoadBalancerIPPoolServiceSelector { diff --git a/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogagents.rs b/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogagents.rs index ff7c03c5c..ba8a150b3 100644 --- a/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogagents.rs +++ b/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogagents.rs @@ -272,10 +272,10 @@ pub struct DatadogAgentAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredD /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -306,7 +306,7 @@ pub struct DatadogAgentAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredD pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -335,10 +335,10 @@ pub struct DatadogAgentAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDu /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -369,7 +369,7 @@ pub struct DatadogAgentAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDu pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -419,10 +419,10 @@ pub struct DatadogAgentAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgno /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -453,7 +453,7 @@ pub struct DatadogAgentAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgno pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -482,10 +482,10 @@ pub struct DatadogAgentAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnor /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -516,7 +516,7 @@ pub struct DatadogAgentAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnor pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -660,7 +660,7 @@ pub struct DatadogAgentAgentApmLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -694,7 +694,7 @@ pub struct DatadogAgentAgentApmLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentApmLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -884,12 +884,12 @@ pub struct DatadogAgentAgentConfigChecksd { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigChecksdItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -907,12 +907,12 @@ pub struct DatadogAgentAgentConfigConfd { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigConfdItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -1147,7 +1147,7 @@ pub struct DatadogAgentAgentConfigLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1181,7 +1181,7 @@ pub struct DatadogAgentAgentConfigLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1239,7 +1239,7 @@ pub struct DatadogAgentAgentConfigReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1273,7 +1273,7 @@ pub struct DatadogAgentAgentConfigReadinessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1470,178 +1470,178 @@ pub struct DatadogAgentAgentConfigVolumeMounts { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumes { - /// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, - /// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] pub azure_disk: Option, - /// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] pub azure_file: Option, - /// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, - /// ConfigMap represents a configMap that should populate this volume + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] pub csi: Option, - /// DownwardAPI represents downward API about the pod that should populate this volume + /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, - /// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, - /// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, - /// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] pub photon_persistent_disk: Option, - /// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] pub portworx_volume: Option, - /// Items for all in one resources secrets, configmaps, and downward API + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] pub projected: Option, - /// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, - /// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub storageos: Option, - /// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] pub vsphere_volume: Option, } -/// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesAwsElasticBlockStore { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } -/// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesAzureDisk { - /// Host Caching mode: None, Read Only, Read Write. + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] pub caching_mode: Option, - /// The Name of the data disk in the blob storage + /// diskName is the Name of the data disk in the blob storage #[serde(rename = "diskName")] pub disk_name: String, - /// The URI the data disk in the blob storage + /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesAzureFile { - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// the name of secret that contains Azure Storage Account Name and Key + /// secretName is the name of secret that contains Azure Storage Account Name and Key #[serde(rename = "secretName")] pub secret_name: String, - /// Share Name + /// shareName is the azure share Name #[serde(rename = "shareName")] pub share_name: String, } -/// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCephfs { - /// Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, - /// Optional: Used as the mounted root, rather than the full Ceph tree, default is / + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCephfsSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -1649,24 +1649,24 @@ pub struct DatadogAgentAgentConfigVolumesCephfsSecretRef { pub name: Option, } -/// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCinder { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// Optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCinderSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -1674,19 +1674,19 @@ pub struct DatadogAgentAgentConfigVolumesCinderSecretRef { pub name: Option, } -/// ConfigMap represents a configMap that should populate this volume +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesConfigMap { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -1694,35 +1694,35 @@ pub struct DatadogAgentAgentConfigVolumesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCsi { - /// Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// Specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesCsiNodePublishSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -1730,7 +1730,7 @@ pub struct DatadogAgentAgentConfigVolumesCsiNodePublishSecretRef { pub name: Option, } -/// DownwardAPI represents downward API about the pod that should populate this volume +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesDownwardApi { /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -1781,18 +1781,18 @@ pub struct DatadogAgentAgentConfigVolumesDownwardApiItemsResourceFieldRef { pub resource: String, } -/// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEmptyDir { - /// What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. +/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. @@ -1828,33 +1828,33 @@ pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateMetadata { /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpec { - /// AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// A label query over volumes to consider for binding. + /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, - /// VolumeName is the binding reference to the PersistentVolume backing this claim. + /// volumeName is the binding reference to the PersistentVolume backing this claim. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -1866,7 +1866,7 @@ pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSou pub name: String, } -/// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -1878,7 +1878,7 @@ pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSou pub name: String, } -/// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -1889,7 +1889,7 @@ pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecResourc pub requests: Option>, } -/// A label query over volumes to consider for binding. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1912,46 +1912,46 @@ pub struct DatadogAgentAgentConfigVolumesEphemeralVolumeClaimTemplateSpecSelecto pub values: Option>, } -/// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesFc { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: FC target lun number + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: FC target worldwide names (WWNs) + /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesFlexVolume { - /// Driver is the name of the driver to use for this volume. + /// driver is the name of the driver to use for this volume. pub driver: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Extra command options if any. + /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -1959,106 +1959,106 @@ pub struct DatadogAgentAgentConfigVolumesFlexVolumeSecretRef { pub name: Option, } -/// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesFlocker { - /// Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, - /// UUID of the dataset. This is unique identifier of a Flocker dataset + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] pub dataset_uuid: Option, } -/// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesGcePersistentDisk { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesGitRepo { - /// Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, - /// Repository URL + /// repository is the URL pub repository: String, - /// Commit hash for the specified revision. + /// revision is the commit hash for the specified revision. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } -/// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesGlusterfs { - /// EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesHostPath { - /// Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesIscsi { - /// whether support iSCSI Discovery CHAP authentication + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] pub chap_auth_discovery: Option, - /// whether support iSCSI Session CHAP authentication + /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, - /// Target iSCSI Qualified Name. + /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, - /// iSCSI Target Lun number. + /// lun represents iSCSI Target Lun number. pub lun: i32, - /// iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// CHAP Secret for iSCSI target and initiator authentication + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } -/// CHAP Secret for iSCSI target and initiator authentication +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesIscsiSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2066,61 +2066,61 @@ pub struct DatadogAgentAgentConfigVolumesIscsiSecretRef { pub name: Option, } -/// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesNfs { - /// Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesPersistentVolumeClaim { - /// ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesPhotonPersistentDisk { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// ID that identifies Photon Controller persistent disk + /// pdID is the ID that identifies Photon Controller persistent disk #[serde(rename = "pdID")] pub pd_id: String, } -/// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesPortworxVolume { - /// FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeID uniquely identifies a Portworx volume + /// volumeID uniquely identifies a Portworx volume #[serde(rename = "volumeID")] pub volume_id: String, } -/// Items for all in one resources secrets, configmaps, and downward API +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjected { - /// Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// list of volume projections + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } @@ -2128,30 +2128,30 @@ pub struct DatadogAgentAgentConfigVolumesProjected { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSources { - /// information about the configMap data to project + /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// information about the downwardAPI data to project + /// downwardAPI information about the downwardAPI data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// information about the secret data to project + /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// information about the serviceAccountToken data to project + /// serviceAccountToken is information about the serviceAccountToken data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] pub service_account_token: Option, } -/// information about the configMap data to project +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesConfigMap { - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -2159,16 +2159,16 @@ pub struct DatadogAgentAgentConfigVolumesProjectedSourcesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the downwardAPI data to project +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesDownwardApi { /// Items is a list of DownwardAPIVolume file @@ -2216,16 +2216,16 @@ pub struct DatadogAgentAgentConfigVolumesProjectedSourcesDownwardApiItemsResourc pub resource: String, } -/// information about the secret data to project +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesSecret { - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined + /// optional field specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -2233,77 +2233,77 @@ pub struct DatadogAgentAgentConfigVolumesProjectedSourcesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the serviceAccountToken data to project +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesProjectedSourcesServiceAccountToken { - /// Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// Path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the token into. pub path: String, } -/// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesQuobyte { - /// Group to map volume access to Default is no group + /// group to map volume access to Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes pub registry: String, - /// Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// User to map volume access to Defaults to serivceaccount user + /// user to map volume access to Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, - /// Volume is a string that references an already created Quobyte volume by name. + /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesRbd { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesRbdSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2311,40 +2311,40 @@ pub struct DatadogAgentAgentConfigVolumesRbdSecretRef { pub name: Option, } -/// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesScaleIo { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The host address of the ScaleIO API Gateway. + /// gateway is the host address of the ScaleIO API Gateway. pub gateway: String, - /// The name of the ScaleIO Protection Domain for the configured storage. + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: DatadogAgentAgentConfigVolumesScaleIoSecretRef, - /// Flag to enable/disable SSL communication with Gateway, default false + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, - /// The ScaleIO Storage Pool associated with the protection domain. + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] pub storage_pool: Option, - /// The name of the storage system as configured in ScaleIO. + /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// The name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesScaleIoSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2352,19 +2352,19 @@ pub struct DatadogAgentAgentConfigVolumesScaleIoSecretRef { pub name: Option, } -/// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesSecret { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Specify whether the Secret or its keys must be defined + /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -2372,36 +2372,36 @@ pub struct DatadogAgentAgentConfigVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesStorageos { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesStorageosSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2409,19 +2409,19 @@ pub struct DatadogAgentAgentConfigVolumesStorageosSecretRef { pub name: Option, } -/// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentConfigVolumesVsphereVolume { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] pub storage_policy_id: Option, - /// Storage Policy Based Management (SPBM) profile name. + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] pub storage_policy_name: Option, - /// Path that identifies vSphere volume vmdk + /// volumePath is the path that identifies vSphere volume vmdk #[serde(rename = "volumePath")] pub volume_path: String, } @@ -3036,12 +3036,12 @@ pub struct DatadogAgentAgentSecurityComplianceConfigDir { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentSecurityComplianceConfigDirItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -3164,12 +3164,12 @@ pub struct DatadogAgentAgentSecurityRuntimePoliciesDir { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentAgentSecurityRuntimePoliciesDirItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -3684,10 +3684,10 @@ pub struct DatadogAgentClusterAgentAffinityPodAffinityPreferredDuringSchedulingI /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -3718,7 +3718,7 @@ pub struct DatadogAgentClusterAgentAffinityPodAffinityPreferredDuringSchedulingI pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3747,10 +3747,10 @@ pub struct DatadogAgentClusterAgentAffinityPodAffinityRequiredDuringSchedulingIg /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -3781,7 +3781,7 @@ pub struct DatadogAgentClusterAgentAffinityPodAffinityRequiredDuringSchedulingIg pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3831,10 +3831,10 @@ pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityPreferredDuringSchedul /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -3865,7 +3865,7 @@ pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityPreferredDuringSchedul pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3894,10 +3894,10 @@ pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityRequiredDuringScheduli /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -3928,7 +3928,7 @@ pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityRequiredDuringScheduli pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -4004,9 +4004,6 @@ pub struct DatadogAgentClusterAgentConfigAdmissionController { /// agentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be "hostip", "service", or "socket". #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentCommunicationMode")] pub agent_communication_mode: Option, - /// CWSInstrumentation holds the CWS Instrumentation endpoint configuration - #[serde(default, skip_serializing_if = "Option::is_none", rename = "cwsInstrumentation")] - pub cws_instrumentation: Option, /// Enable the admission controller to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, @@ -4018,17 +4015,6 @@ pub struct DatadogAgentClusterAgentConfigAdmissionController { pub service_name: Option, } -/// CWSInstrumentation holds the CWS Instrumentation endpoint configuration -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DatadogAgentClusterAgentConfigAdmissionControllerCwsInstrumentation { - /// Enable the CWS Instrumentation admission controller endpoint - #[serde(default, skip_serializing_if = "Option::is_none")] - pub enabled: Option, - /// Mode defines how the CWS Instrumentation endpoint should behave. It can be "init_container" or "remote_copy". - #[serde(default, skip_serializing_if = "Option::is_none")] - pub mode: Option, -} - /// Confd Provide additional cluster check configurations. Each key will become a file in /conf.d. see https://docs.datadoghq.com/agent/autodiscovery/ for more details. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigConfd { @@ -4043,12 +4029,12 @@ pub struct DatadogAgentClusterAgentConfigConfd { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigConfdItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -4328,178 +4314,178 @@ pub struct DatadogAgentClusterAgentConfigVolumeMounts { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumes { - /// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, - /// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] pub azure_disk: Option, - /// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] pub azure_file: Option, - /// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, - /// ConfigMap represents a configMap that should populate this volume + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] pub csi: Option, - /// DownwardAPI represents downward API about the pod that should populate this volume + /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, - /// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, - /// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, - /// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] pub photon_persistent_disk: Option, - /// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] pub portworx_volume: Option, - /// Items for all in one resources secrets, configmaps, and downward API + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] pub projected: Option, - /// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, - /// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub storageos: Option, - /// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] pub vsphere_volume: Option, } -/// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesAwsElasticBlockStore { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } -/// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesAzureDisk { - /// Host Caching mode: None, Read Only, Read Write. + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] pub caching_mode: Option, - /// The Name of the data disk in the blob storage + /// diskName is the Name of the data disk in the blob storage #[serde(rename = "diskName")] pub disk_name: String, - /// The URI the data disk in the blob storage + /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesAzureFile { - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// the name of secret that contains Azure Storage Account Name and Key + /// secretName is the name of secret that contains Azure Storage Account Name and Key #[serde(rename = "secretName")] pub secret_name: String, - /// Share Name + /// shareName is the azure share Name #[serde(rename = "shareName")] pub share_name: String, } -/// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCephfs { - /// Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, - /// Optional: Used as the mounted root, rather than the full Ceph tree, default is / + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCephfsSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -4507,24 +4493,24 @@ pub struct DatadogAgentClusterAgentConfigVolumesCephfsSecretRef { pub name: Option, } -/// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCinder { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// Optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCinderSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -4532,19 +4518,19 @@ pub struct DatadogAgentClusterAgentConfigVolumesCinderSecretRef { pub name: Option, } -/// ConfigMap represents a configMap that should populate this volume +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesConfigMap { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -4552,35 +4538,35 @@ pub struct DatadogAgentClusterAgentConfigVolumesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCsi { - /// Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// Specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesCsiNodePublishSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -4588,7 +4574,7 @@ pub struct DatadogAgentClusterAgentConfigVolumesCsiNodePublishSecretRef { pub name: Option, } -/// DownwardAPI represents downward API about the pod that should populate this volume +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesDownwardApi { /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -4639,18 +4625,18 @@ pub struct DatadogAgentClusterAgentConfigVolumesDownwardApiItemsResourceFieldRef pub resource: String, } -/// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEmptyDir { - /// What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. +/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. @@ -4686,33 +4672,33 @@ pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateMeta /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpec { - /// AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// A label query over volumes to consider for binding. + /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, - /// VolumeName is the binding reference to the PersistentVolume backing this claim. + /// volumeName is the binding reference to the PersistentVolume backing this claim. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4724,7 +4710,7 @@ pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpec pub name: String, } -/// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4736,7 +4722,7 @@ pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpec pub name: String, } -/// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -4747,7 +4733,7 @@ pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpec pub requests: Option>, } -/// A label query over volumes to consider for binding. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -4770,46 +4756,46 @@ pub struct DatadogAgentClusterAgentConfigVolumesEphemeralVolumeClaimTemplateSpec pub values: Option>, } -/// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesFc { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: FC target lun number + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: FC target worldwide names (WWNs) + /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesFlexVolume { - /// Driver is the name of the driver to use for this volume. + /// driver is the name of the driver to use for this volume. pub driver: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Extra command options if any. + /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -4817,106 +4803,106 @@ pub struct DatadogAgentClusterAgentConfigVolumesFlexVolumeSecretRef { pub name: Option, } -/// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesFlocker { - /// Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, - /// UUID of the dataset. This is unique identifier of a Flocker dataset + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] pub dataset_uuid: Option, } -/// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesGcePersistentDisk { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesGitRepo { - /// Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, - /// Repository URL + /// repository is the URL pub repository: String, - /// Commit hash for the specified revision. + /// revision is the commit hash for the specified revision. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } -/// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesGlusterfs { - /// EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesHostPath { - /// Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesIscsi { - /// whether support iSCSI Discovery CHAP authentication + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] pub chap_auth_discovery: Option, - /// whether support iSCSI Session CHAP authentication + /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, - /// Target iSCSI Qualified Name. + /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, - /// iSCSI Target Lun number. + /// lun represents iSCSI Target Lun number. pub lun: i32, - /// iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// CHAP Secret for iSCSI target and initiator authentication + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } -/// CHAP Secret for iSCSI target and initiator authentication +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesIscsiSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -4924,61 +4910,61 @@ pub struct DatadogAgentClusterAgentConfigVolumesIscsiSecretRef { pub name: Option, } -/// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesNfs { - /// Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesPersistentVolumeClaim { - /// ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesPhotonPersistentDisk { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// ID that identifies Photon Controller persistent disk + /// pdID is the ID that identifies Photon Controller persistent disk #[serde(rename = "pdID")] pub pd_id: String, } -/// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesPortworxVolume { - /// FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeID uniquely identifies a Portworx volume + /// volumeID uniquely identifies a Portworx volume #[serde(rename = "volumeID")] pub volume_id: String, } -/// Items for all in one resources secrets, configmaps, and downward API +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjected { - /// Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// list of volume projections + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } @@ -4986,30 +4972,30 @@ pub struct DatadogAgentClusterAgentConfigVolumesProjected { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSources { - /// information about the configMap data to project + /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// information about the downwardAPI data to project + /// downwardAPI information about the downwardAPI data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// information about the secret data to project + /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// information about the serviceAccountToken data to project + /// serviceAccountToken is information about the serviceAccountToken data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] pub service_account_token: Option, } -/// information about the configMap data to project +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesConfigMap { - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -5017,16 +5003,16 @@ pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the downwardAPI data to project +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesDownwardApi { /// Items is a list of DownwardAPIVolume file @@ -5074,16 +5060,16 @@ pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesDownwardApiItems pub resource: String, } -/// information about the secret data to project +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesSecret { - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined + /// optional field specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -5091,77 +5077,77 @@ pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the serviceAccountToken data to project +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesProjectedSourcesServiceAccountToken { - /// Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// Path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the token into. pub path: String, } -/// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesQuobyte { - /// Group to map volume access to Default is no group + /// group to map volume access to Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes pub registry: String, - /// Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// User to map volume access to Defaults to serivceaccount user + /// user to map volume access to Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, - /// Volume is a string that references an already created Quobyte volume by name. + /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesRbd { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesRbdSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -5169,40 +5155,40 @@ pub struct DatadogAgentClusterAgentConfigVolumesRbdSecretRef { pub name: Option, } -/// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesScaleIo { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The host address of the ScaleIO API Gateway. + /// gateway is the host address of the ScaleIO API Gateway. pub gateway: String, - /// The name of the ScaleIO Protection Domain for the configured storage. + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: DatadogAgentClusterAgentConfigVolumesScaleIoSecretRef, - /// Flag to enable/disable SSL communication with Gateway, default false + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, - /// The ScaleIO Storage Pool associated with the protection domain. + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] pub storage_pool: Option, - /// The name of the storage system as configured in ScaleIO. + /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// The name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesScaleIoSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -5210,19 +5196,19 @@ pub struct DatadogAgentClusterAgentConfigVolumesScaleIoSecretRef { pub name: Option, } -/// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesSecret { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Specify whether the Secret or its keys must be defined + /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -5230,36 +5216,36 @@ pub struct DatadogAgentClusterAgentConfigVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesStorageos { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesStorageosSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -5267,19 +5253,19 @@ pub struct DatadogAgentClusterAgentConfigVolumesStorageosSecretRef { pub name: Option, } -/// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterAgentConfigVolumesVsphereVolume { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] pub storage_policy_id: Option, - /// Storage Policy Based Management (SPBM) profile name. + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] pub storage_policy_name: Option, - /// Path that identifies vSphere volume vmdk + /// volumePath is the path that identifies vSphere volume vmdk #[serde(rename = "volumePath")] pub volume_path: String, } @@ -5588,10 +5574,10 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityPreferredDuringSche /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -5622,7 +5608,7 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityPreferredDuringSche pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5651,10 +5637,10 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityRequiredDuringSched /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -5685,7 +5671,7 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityRequiredDuringSched pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5735,10 +5721,10 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityPreferredDuring /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -5769,7 +5755,7 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityPreferredDuring pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5798,10 +5784,10 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityRequiredDuringS /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -5832,7 +5818,7 @@ pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityRequiredDuringS pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5982,7 +5968,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -6016,7 +6002,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -6074,7 +6060,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -6108,7 +6094,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigReadinessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -6285,178 +6271,178 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumeMounts { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumes { - /// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, - /// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] pub azure_disk: Option, - /// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] pub azure_file: Option, - /// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, - /// ConfigMap represents a configMap that should populate this volume + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] pub csi: Option, - /// DownwardAPI represents downward API about the pod that should populate this volume + /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, - /// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, - /// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, - /// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] pub photon_persistent_disk: Option, - /// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] pub portworx_volume: Option, - /// Items for all in one resources secrets, configmaps, and downward API + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] pub projected: Option, - /// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, - /// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub storageos: Option, - /// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] pub vsphere_volume: Option, } -/// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesAwsElasticBlockStore { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } -/// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesAzureDisk { - /// Host Caching mode: None, Read Only, Read Write. + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] pub caching_mode: Option, - /// The Name of the data disk in the blob storage + /// diskName is the Name of the data disk in the blob storage #[serde(rename = "diskName")] pub disk_name: String, - /// The URI the data disk in the blob storage + /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesAzureFile { - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// the name of secret that contains Azure Storage Account Name and Key + /// secretName is the name of secret that contains Azure Storage Account Name and Key #[serde(rename = "secretName")] pub secret_name: String, - /// Share Name + /// shareName is the azure share Name #[serde(rename = "shareName")] pub share_name: String, } -/// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCephfs { - /// Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, - /// Optional: Used as the mounted root, rather than the full Ceph tree, default is / + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCephfsSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -6464,24 +6450,24 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesCephfsSecretRef { pub name: Option, } -/// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCinder { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// Optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCinderSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -6489,19 +6475,19 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesCinderSecretRef { pub name: Option, } -/// ConfigMap represents a configMap that should populate this volume +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesConfigMap { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -6509,35 +6495,35 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCsi { - /// Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// Specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesCsiNodePublishSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -6545,7 +6531,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesCsiNodePublishSecretRef { pub name: Option, } -/// DownwardAPI represents downward API about the pod that should populate this volume +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesDownwardApi { /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -6596,18 +6582,18 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesDownwardApiItemsResourceF pub resource: String, } -/// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEmptyDir { - /// What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. +/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. @@ -6643,33 +6629,33 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTempl /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTemplateSpec { - /// AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// A label query over volumes to consider for binding. + /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, - /// VolumeName is the binding reference to the PersistentVolume backing this claim. + /// volumeName is the binding reference to the PersistentVolume backing this claim. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTemplateSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -6681,7 +6667,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTempl pub name: String, } -/// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -6693,7 +6679,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTempl pub name: String, } -/// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTemplateSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -6704,7 +6690,7 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTempl pub requests: Option>, } -/// A label query over volumes to consider for binding. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -6727,46 +6713,46 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesEphemeralVolumeClaimTempl pub values: Option>, } -/// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesFc { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: FC target lun number + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: FC target worldwide names (WWNs) + /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesFlexVolume { - /// Driver is the name of the driver to use for this volume. + /// driver is the name of the driver to use for this volume. pub driver: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Extra command options if any. + /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -6774,106 +6760,106 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesFlexVolumeSecretRef { pub name: Option, } -/// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesFlocker { - /// Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, - /// UUID of the dataset. This is unique identifier of a Flocker dataset + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] pub dataset_uuid: Option, } -/// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesGcePersistentDisk { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesGitRepo { - /// Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, - /// Repository URL + /// repository is the URL pub repository: String, - /// Commit hash for the specified revision. + /// revision is the commit hash for the specified revision. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } -/// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesGlusterfs { - /// EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesHostPath { - /// Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesIscsi { - /// whether support iSCSI Discovery CHAP authentication + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] pub chap_auth_discovery: Option, - /// whether support iSCSI Session CHAP authentication + /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, - /// Target iSCSI Qualified Name. + /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, - /// iSCSI Target Lun number. + /// lun represents iSCSI Target Lun number. pub lun: i32, - /// iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// CHAP Secret for iSCSI target and initiator authentication + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } -/// CHAP Secret for iSCSI target and initiator authentication +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesIscsiSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -6881,61 +6867,61 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesIscsiSecretRef { pub name: Option, } -/// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesNfs { - /// Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesPersistentVolumeClaim { - /// ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesPhotonPersistentDisk { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// ID that identifies Photon Controller persistent disk + /// pdID is the ID that identifies Photon Controller persistent disk #[serde(rename = "pdID")] pub pd_id: String, } -/// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesPortworxVolume { - /// FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeID uniquely identifies a Portworx volume + /// volumeID uniquely identifies a Portworx volume #[serde(rename = "volumeID")] pub volume_id: String, } -/// Items for all in one resources secrets, configmaps, and downward API +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjected { - /// Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// list of volume projections + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } @@ -6943,30 +6929,30 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjected { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSources { - /// information about the configMap data to project + /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// information about the downwardAPI data to project + /// downwardAPI information about the downwardAPI data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// information about the secret data to project + /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// information about the serviceAccountToken data to project + /// serviceAccountToken is information about the serviceAccountToken data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] pub service_account_token: Option, } -/// information about the configMap data to project +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesConfigMap { - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -6974,16 +6960,16 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesConfigMap /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the downwardAPI data to project +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesDownwardApi { /// Items is a list of DownwardAPIVolume file @@ -7031,16 +7017,16 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesDownwardA pub resource: String, } -/// information about the secret data to project +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesSecret { - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined + /// optional field specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -7048,77 +7034,77 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the serviceAccountToken data to project +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesProjectedSourcesServiceAccountToken { - /// Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// Path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the token into. pub path: String, } -/// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesQuobyte { - /// Group to map volume access to Default is no group + /// group to map volume access to Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes pub registry: String, - /// Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// User to map volume access to Defaults to serivceaccount user + /// user to map volume access to Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, - /// Volume is a string that references an already created Quobyte volume by name. + /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesRbd { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesRbdSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -7126,40 +7112,40 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesRbdSecretRef { pub name: Option, } -/// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesScaleIo { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The host address of the ScaleIO API Gateway. + /// gateway is the host address of the ScaleIO API Gateway. pub gateway: String, - /// The name of the ScaleIO Protection Domain for the configured storage. + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: DatadogAgentClusterChecksRunnerConfigVolumesScaleIoSecretRef, - /// Flag to enable/disable SSL communication with Gateway, default false + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, - /// The ScaleIO Storage Pool associated with the protection domain. + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] pub storage_pool: Option, - /// The name of the storage system as configured in ScaleIO. + /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// The name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesScaleIoSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -7167,19 +7153,19 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesScaleIoSecretRef { pub name: Option, } -/// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesSecret { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Specify whether the Secret or its keys must be defined + /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -7187,36 +7173,36 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesStorageos { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesStorageosSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -7224,19 +7210,19 @@ pub struct DatadogAgentClusterChecksRunnerConfigVolumesStorageosSecretRef { pub name: Option, } -/// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentClusterChecksRunnerConfigVolumesVsphereVolume { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] pub storage_policy_id: Option, - /// Storage Policy Based Management (SPBM) profile name. + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] pub storage_policy_name: Option, - /// Path that identifies vSphere volume vmdk + /// volumePath is the path that identifies vSphere volume vmdk #[serde(rename = "volumePath")] pub volume_path: String, } diff --git a/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogmonitors.rs b/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogmonitors.rs index 887afc4fa..6ffab0303 100644 --- a/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogmonitors.rs +++ b/kube-custom-resources-rs/src/datadoghq_com/v1alpha1/datadogmonitors.rs @@ -68,6 +68,9 @@ pub struct DatadogMonitorOptions { /// Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "evaluationDelay")] pub evaluation_delay: Option, + /// A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "groupbySimpleMonitor")] + pub groupby_simple_monitor: Option, /// A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. #[serde(default, skip_serializing_if = "Option::is_none", rename = "includeTags")] pub include_tags: Option, @@ -86,12 +89,21 @@ pub struct DatadogMonitorOptions { /// A Boolean indicating whether tagged users are notified on changes to this monitor. #[serde(default, skip_serializing_if = "Option::is_none", rename = "notifyAudit")] pub notify_audit: Option, + /// A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "notifyBy")] + pub notify_by: Option>, /// A Boolean indicating whether this monitor notifies when data stops reporting. #[serde(default, skip_serializing_if = "Option::is_none", rename = "notifyNoData")] pub notify_no_data: Option, + /// An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + #[serde(default, skip_serializing_if = "Option::is_none", rename = "onMissingData")] + pub on_missing_data: Option, /// The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. #[serde(default, skip_serializing_if = "Option::is_none", rename = "renotifyInterval")] pub renotify_interval: Option, + /// The number of times re-notification messages should be sent on the current status at the provided re-notification interval. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "renotifyOccurrences")] + pub renotify_occurrences: Option, /// A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requireFullWindow")] pub require_full_window: Option, diff --git a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs index 7bcee5d03..2155e12ef 100644 --- a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs +++ b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs @@ -41,6 +41,9 @@ pub struct DatadogAgentFeatures { /// APM (Application Performance Monitoring) configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub apm: Option, + /// ASM (Application Security Management) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub asm: Option, /// ClusterChecks configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterChecks")] pub cluster_checks: Option, @@ -62,6 +65,9 @@ pub struct DatadogAgentFeatures { /// ExternalMetricsServer configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalMetricsServer")] pub external_metrics_server: Option, + /// HelmCheck configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmCheck")] + pub helm_check: Option, /// KubeStateMetricsCore check configuration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeStateMetricsCore")] pub kube_state_metrics_core: Option, @@ -112,6 +118,12 @@ pub struct DatadogAgentFeaturesAdmissionController { /// AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be "hostip", "service", or "socket". #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentCommunicationMode")] pub agent_communication_mode: Option, + /// AgentSidecarInjection contains Agent sidecar injection configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentSidecarInjection")] + pub agent_sidecar_injection: Option, + /// CWSInstrumentation holds the CWS Instrumentation endpoint configuration + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cwsInstrumentation")] + pub cws_instrumentation: Option, /// Enabled enables the Admission Controller. Default: true #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, @@ -121,6 +133,9 @@ pub struct DatadogAgentFeaturesAdmissionController { /// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateUnlabelled")] pub mutate_unlabelled: Option, + /// Registry defines an image registry for the admission controller. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub registry: Option, /// ServiceName corresponds to the webhook service name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] pub service_name: Option, @@ -129,6 +144,230 @@ pub struct DatadogAgentFeaturesAdmissionController { pub webhook_name: Option, } +/// AgentSidecarInjection contains Agent sidecar injection configurations. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjection { + /// ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. Default : true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterAgentCommunicationEnabled")] + pub cluster_agent_communication_enabled: Option, + /// Enabled enables Sidecar injections. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Image overrides the default Agent image name and tag for the Agent sidecar. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Profiles define the sidecar configuration override. Only one profile is supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub profiles: Option>, + /// Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. Currently only "fargate" is supported. To use the feature in other environments (including local testing) omit the config. See also: https://docs.datadoghq.com/integrations/eks_fargate + #[serde(default, skip_serializing_if = "Option::is_none")] + pub provider: Option, + /// Registry overrides the default registry for the sidecar Agent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub registry: Option, + /// Selectors define the pod selector for sidecar injection. Only one rule is supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selectors: Option>, +} + +/// Image overrides the default Agent image name and tag for the Agent sidecar. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionImage { + /// Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmxEnabled")] + pub jmx_enabled: Option, + /// Define the image to use: Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. Use "agent" with the registry and tag configurations for /agent:. Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The Kubernetes pull policy: Use Always, Never, or IfNotPresent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullSecrets")] + pub pull_secrets: Option>, + /// Define the image tag to use. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, +} + +/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionImagePullSecrets { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Profile defines a sidecar configuration override. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfiles { + /// EnvVars specifies the environment variables for the profile. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// ResourceRequirements specifies the resource requirements for the profile. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// ResourceRequirements specifies the resource requirements for the profile. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionProfilesResources { + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// Selectors define a pod selector for sidecar injection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionSelectors { + /// NamespaceSelector specifies the label selector for namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// ObjectSelector specifies the label selector for objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectSelector")] + pub object_selector: Option, +} + +/// NamespaceSelector specifies the label selector for namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionSelectorsNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionSelectorsNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectSelector specifies the label selector for objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionSelectorsObjectSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerAgentSidecarInjectionSelectorsObjectSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// CWSInstrumentation holds the CWS Instrumentation endpoint configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAdmissionControllerCwsInstrumentation { + /// Enable the CWS Instrumentation admission controller endpoint. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Mode defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". Default: "remote_copy" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, +} + /// APM (Application Performance Monitoring) configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesApm { @@ -138,6 +377,9 @@ pub struct DatadogAgentFeaturesApm { /// HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8126 #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] pub host_port_config: Option, + /// SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instrumentation: Option, /// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket` #[serde(default, skip_serializing_if = "Option::is_none", rename = "unixDomainSocketConfig")] pub unix_domain_socket_config: Option, @@ -154,6 +396,23 @@ pub struct DatadogAgentFeaturesApmHostPortConfig { pub host_port: Option, } +/// SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesApmInstrumentation { + /// DisabledNamespaces disables injecting the Datadog APM libraries into pods in specific namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disabledNamespaces")] + pub disabled_namespaces: Option>, + /// Enabled enables injecting the Datadog APM libraries into all pods in the cluster. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// EnabledNamespaces enables injecting the Datadog APM libraries into pods in specific namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledNamespaces")] + pub enabled_namespaces: Option>, + /// LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. : ex: "java": "v1.18.0" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "libVersions")] + pub lib_versions: Option>, +} + /// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket` #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesApmUnixDomainSocketConfig { @@ -165,6 +424,44 @@ pub struct DatadogAgentFeaturesApmUnixDomainSocketConfig { pub path: Option, } +/// ASM (Application Security Management) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAsm { + /// IAST configures Interactive Application Security Testing. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iast: Option, + /// SCA configures Software Composition Analysis. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sca: Option, + /// Threats configures ASM App & API Protection. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub threats: Option, +} + +/// IAST configures Interactive Application Security Testing. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAsmIast { + /// Enabled enables Interactive Application Security Testing (IAST). Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// SCA configures Software Composition Analysis. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAsmSca { + /// Enabled enables Software Composition Analysis (SCA). Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// Threats configures ASM App & API Protection. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesAsmThreats { + /// Enabled enables ASM App & API Protection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + /// ClusterChecks configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesClusterChecks { @@ -218,12 +515,12 @@ pub struct DatadogAgentFeaturesCspmCustomBenchmarksConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesCspmCustomBenchmarksConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -280,12 +577,12 @@ pub struct DatadogAgentFeaturesCwsCustomPoliciesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesCwsCustomPoliciesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -366,12 +663,12 @@ pub struct DatadogAgentFeaturesDogstatsdMapperProfilesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesDogstatsdMapperProfilesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -475,6 +772,20 @@ pub struct DatadogAgentFeaturesExternalMetricsServerEndpointCredentialsAppSecret pub secret_name: String, } +/// HelmCheck configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesHelmCheck { + /// CollectEvents set to `true` enables event collection in the Helm check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "collectEvents")] + pub collect_events: Option, + /// Enabled enables the Helm check. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// ValuesAsTags collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). Default: {} + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valuesAsTags")] + pub values_as_tags: Option>, +} + /// KubeStateMetricsCore check configuration. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesKubeStateMetricsCore { @@ -511,12 +822,12 @@ pub struct DatadogAgentFeaturesKubeStateMetricsCoreConfConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesKubeStateMetricsCoreConfConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -641,12 +952,12 @@ pub struct DatadogAgentFeaturesOrchestratorExplorerConfConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesOrchestratorExplorerConfConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -814,6 +1125,9 @@ pub struct DatadogAgentGlobal { /// Endpoint is the Datadog intake URL the Agent data are sent to. Only set this option if you need the Agent to send data to a custom URL. Overrides the site setting defined in `Site`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// FIPS contains configuration used to customize the FIPS proxy sidecar. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fips: Option, /// Kubelet contains the kubelet configuration parameters. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubelet: Option, @@ -832,6 +1146,9 @@ pub struct DatadogAgentGlobal { /// Provide a mapping of Kubernetes Node Labels to Datadog Tags. : #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeLabelsAsTags")] pub node_labels_as_tags: Option>, + /// OriginDetectionUnified defines the origin detection unified mechanism behavior. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "originDetectionUnified")] + pub origin_detection_unified: Option, /// Provide a mapping of Kubernetes Annotations to Datadog Tags. : #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAnnotationsAsTags")] pub pod_annotations_as_tags: Option>, @@ -949,58 +1266,160 @@ pub struct DatadogAgentGlobalEndpointCredentialsAppSecret { pub secret_name: String, } -/// Kubelet contains the kubelet configuration parameters. +/// FIPS contains configuration used to customize the FIPS proxy sidecar. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DatadogAgentGlobalKubelet { - /// AgentCAPath is the container path where the kubelet CA certificate is stored. Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' - #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentCAPath")] - pub agent_ca_path: Option, - /// Host overrides the host used to contact kubelet API (default to status.hostIP). +pub struct DatadogAgentGlobalFips { + /// CustomFIPSConfig configures a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customFIPSConfig")] + pub custom_fips_config: Option, + /// Enable FIPS sidecar. #[serde(default, skip_serializing_if = "Option::is_none")] - pub host: Option, - /// HostCAPath is the host path where the kubelet CA certificate is stored. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostCAPath")] - pub host_ca_path: Option, - /// TLSVerify toggles kubelet TLS verification. Default: true - #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsVerify")] - pub tls_verify: Option, + pub enabled: Option, + /// The container image of the FIPS sidecar. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Set the local IP address. Default: `127.0.0.1` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localAddress")] + pub local_address: Option, + /// Port specifies which port is used by the containers to communicate to the FIPS sidecar. Default: 9803 + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// PortRange specifies the number of ports used. Default: 15 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] + pub port_range: Option, + /// Resources is the requests and limits for the FIPS sidecar container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// UseHTTPS enables HTTPS. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useHTTPS")] + pub use_https: Option, } -/// Host overrides the host used to contact kubelet API (default to status.hostIP). +/// CustomFIPSConfig configures a custom configMap to provide the FIPS configuration. Specify custom contents for the FIPS proxy sidecar container config (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS proxy sidecar container config is used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DatadogAgentGlobalKubeletHost { - /// Selects a key of a ConfigMap. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] - pub config_map_key_ref: Option, - /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] - pub field_ref: Option, - /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] - pub resource_field_ref: Option, - /// Selects a key of a secret in the pod's namespace - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, +pub struct DatadogAgentGlobalFipsCustomFipsConfig { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, } -/// Selects a key of a ConfigMap. +/// ConfigMap references an existing ConfigMap with the configuration file content. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DatadogAgentGlobalKubeletHostConfigMapKeyRef { - /// The key to select. - pub key: String, - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +pub struct DatadogAgentGlobalFipsCustomFipsConfigConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - /// Specify whether the ConfigMap or its key must be defined + pub items: Option>, + /// Name is the name of the ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, + pub name: Option, } -/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +/// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct DatadogAgentGlobalKubeletHostFieldRef { - /// Version of the schema the FieldPath is written in terms of, defaults to "v1". - #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] +pub struct DatadogAgentGlobalFipsCustomFipsConfigConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// The container image of the FIPS sidecar. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalFipsImage { + /// Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmxEnabled")] + pub jmx_enabled: Option, + /// Define the image to use: Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. Use "agent" with the registry and tag configurations for /agent:. Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The Kubernetes pull policy: Use Always, Never, or IfNotPresent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullSecrets")] + pub pull_secrets: Option>, + /// Define the image tag to use. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, +} + +/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalFipsImagePullSecrets { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Resources is the requests and limits for the FIPS sidecar container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalFipsResources { + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// Kubelet contains the kubelet configuration parameters. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalKubelet { + /// AgentCAPath is the container path where the kubelet CA certificate is stored. Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' + #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentCAPath")] + pub agent_ca_path: Option, + /// Host overrides the host used to contact kubelet API (default to status.hostIP). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, + /// HostCAPath is the host path where the kubelet CA certificate is stored. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostCAPath")] + pub host_ca_path: Option, + /// TLSVerify toggles kubelet TLS verification. Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsVerify")] + pub tls_verify: Option, +} + +/// Host overrides the host used to contact kubelet API (default to status.hostIP). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalKubeletHost { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalKubeletHostConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalKubeletHostFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, /// Path of the field to select in the specified API version. #[serde(rename = "fieldPath")] @@ -1081,6 +1500,14 @@ pub struct DatadogAgentGlobalNetworkPolicyDnsSelectorEndpointsMatchExpressions { pub values: Option>, } +/// OriginDetectionUnified defines the origin detection unified mechanism behavior. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalOriginDetectionUnified { + /// Enabled enables unified mechanism for origin detection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + /// Override the default configurations of the agents #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverride { @@ -1288,10 +1715,10 @@ pub struct DatadogAgentOverrideAffinityPodAffinityPreferredDuringSchedulingIgnor /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -1322,7 +1749,7 @@ pub struct DatadogAgentOverrideAffinityPodAffinityPreferredDuringSchedulingIgnor pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1351,10 +1778,10 @@ pub struct DatadogAgentOverrideAffinityPodAffinityRequiredDuringSchedulingIgnore /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -1385,7 +1812,7 @@ pub struct DatadogAgentOverrideAffinityPodAffinityRequiredDuringSchedulingIgnore pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1435,10 +1862,10 @@ pub struct DatadogAgentOverrideAffinityPodAntiAffinityPreferredDuringSchedulingI /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -1469,7 +1896,7 @@ pub struct DatadogAgentOverrideAffinityPodAntiAffinityPreferredDuringSchedulingI pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1498,10 +1925,10 @@ pub struct DatadogAgentOverrideAffinityPodAntiAffinityRequiredDuringSchedulingIg /// A label query over a set of resources, in this case pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, - /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + /// namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. @@ -1532,7 +1959,7 @@ pub struct DatadogAgentOverrideAffinityPodAntiAffinityRequiredDuringSchedulingIg pub values: Option>, } -/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +/// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1688,7 +2115,7 @@ pub struct DatadogAgentOverrideContainersLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1722,7 +2149,7 @@ pub struct DatadogAgentOverrideContainersLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1780,7 +2207,7 @@ pub struct DatadogAgentOverrideContainersReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -1814,7 +2241,7 @@ pub struct DatadogAgentOverrideContainersReadinessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is an alpha field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1910,12 +2337,12 @@ pub struct DatadogAgentOverrideContainersSeccompConfigCustomProfileConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideContainersSeccompConfigCustomProfileConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -2061,12 +2488,12 @@ pub struct DatadogAgentOverrideCustomConfigurationsConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideCustomConfigurationsConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -2175,12 +2602,12 @@ pub struct DatadogAgentOverrideExtraChecksdConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideExtraChecksdConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -2209,12 +2636,12 @@ pub struct DatadogAgentOverrideExtraConfdConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideExtraConfdConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } @@ -2361,178 +2788,178 @@ pub struct DatadogAgentOverrideTolerations { /// Volume represents a named volume in a pod that may be accessed by any container in the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumes { - /// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "awsElasticBlockStore")] pub aws_elastic_block_store: Option, - /// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + /// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureDisk")] pub azure_disk: Option, - /// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + /// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "azureFile")] pub azure_file: Option, - /// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + /// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub cephfs: Option, - /// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub cinder: Option, - /// ConfigMap represents a configMap that should populate this volume + /// configMap represents a configMap that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + /// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[serde(default, skip_serializing_if = "Option::is_none")] pub csi: Option, - /// DownwardAPI represents downward API about the pod that should populate this volume + /// downwardAPI represents downward API about the pod that should populate this volume #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] pub empty_dir: Option, - /// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + /// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. /// A pod can use both types of ephemeral volumes and persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] pub ephemeral: Option, - /// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + /// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[serde(default, skip_serializing_if = "Option::is_none")] pub fc: Option, - /// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + /// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[serde(default, skip_serializing_if = "Option::is_none", rename = "flexVolume")] pub flex_volume: Option, - /// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + /// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[serde(default, skip_serializing_if = "Option::is_none")] pub flocker: Option, - /// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "gcePersistentDisk")] pub gce_persistent_disk: Option, - /// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + /// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gitRepo")] pub git_repo: Option, - /// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + /// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub glusterfs: Option, - /// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + /// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, - /// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + /// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub iscsi: Option, - /// Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names pub name: String, - /// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none")] pub nfs: Option, - /// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(default, skip_serializing_if = "Option::is_none", rename = "persistentVolumeClaim")] pub persistent_volume_claim: Option, - /// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + /// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "photonPersistentDisk")] pub photon_persistent_disk: Option, - /// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + /// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "portworxVolume")] pub portworx_volume: Option, - /// Items for all in one resources secrets, configmaps, and downward API + /// projected items for all in one resources secrets, configmaps, and downward API #[serde(default, skip_serializing_if = "Option::is_none")] pub projected: Option, - /// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + /// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[serde(default, skip_serializing_if = "Option::is_none")] pub quobyte: Option, - /// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + /// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[serde(default, skip_serializing_if = "Option::is_none")] pub rbd: Option, - /// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + /// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scaleIO")] pub scale_io: Option, - /// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + /// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[serde(default, skip_serializing_if = "Option::is_none")] pub storageos: Option, - /// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + /// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "vsphereVolume")] pub vsphere_volume: Option, } -/// AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +/// awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesAwsElasticBlockStore { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + /// volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #[serde(rename = "volumeID")] pub volume_id: String, } -/// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +/// azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesAzureDisk { - /// Host Caching mode: None, Read Only, Read Write. + /// cachingMode is the Host Caching mode: None, Read Only, Read Write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cachingMode")] pub caching_mode: Option, - /// The Name of the data disk in the blob storage + /// diskName is the Name of the data disk in the blob storage #[serde(rename = "diskName")] pub disk_name: String, - /// The URI the data disk in the blob storage + /// diskURI is the URI of data disk in the blob storage #[serde(rename = "diskURI")] pub disk_uri: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + /// kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +/// azureFile represents an Azure File Service mount on the host and bind mount to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesAzureFile { - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// the name of secret that contains Azure Storage Account Name and Key + /// secretName is the name of secret that contains Azure Storage Account Name and Key #[serde(rename = "secretName")] pub secret_name: String, - /// Share Name + /// shareName is the azure share Name #[serde(rename = "shareName")] pub share_name: String, } -/// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime +/// cephFS represents a Ceph FS mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCephfs { - /// Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it pub monitors: Vec, - /// Optional: Used as the mounted root, rather than the full Ceph tree, default is / + /// path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretFile")] pub secret_file: Option, - /// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + /// user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +/// secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCephfsSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2540,24 +2967,24 @@ pub struct DatadogAgentOverrideVolumesCephfsSecretRef { pub name: Option, } -/// Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +/// cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCinder { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: points to a secret object containing parameters used to connect to OpenStack. + /// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + /// volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md #[serde(rename = "volumeID")] pub volume_id: String, } -/// Optional: points to a secret object containing parameters used to connect to OpenStack. +/// secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCinderSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2565,19 +2992,19 @@ pub struct DatadogAgentOverrideVolumesCinderSecretRef { pub name: Option, } -/// ConfigMap represents a configMap that should populate this volume +/// configMap represents a configMap that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesConfigMap { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -2585,35 +3012,35 @@ pub struct DatadogAgentOverrideVolumesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +/// csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCsi { - /// Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + /// driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. pub driver: String, - /// Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + /// fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + /// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodePublishSecretRef")] pub node_publish_secret_ref: Option, - /// Specifies a read-only configuration for the volume. Defaults to false (read/write). + /// readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + /// volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributes")] pub volume_attributes: Option>, } -/// NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +/// nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesCsiNodePublishSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2621,7 +3048,7 @@ pub struct DatadogAgentOverrideVolumesCsiNodePublishSecretRef { pub name: Option, } -/// DownwardAPI represents downward API about the pod that should populate this volume +/// downwardAPI represents downward API about the pod that should populate this volume #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesDownwardApi { /// Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2672,18 +3099,18 @@ pub struct DatadogAgentOverrideVolumesDownwardApiItemsResourceFieldRef { pub resource: String, } -/// EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +/// emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEmptyDir { - /// What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + /// medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none")] pub medium: Option, - /// Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + /// sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir #[serde(default, skip_serializing_if = "Option::is_none", rename = "sizeLimit")] pub size_limit: Option, } -/// Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. +/// ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. /// Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). /// Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. @@ -2719,33 +3146,33 @@ pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateMetadata { /// The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpec { - /// AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, - /// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, - /// A label query over volumes to consider for binding. + /// selector is a label query over volumes to consider for binding. #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, - /// Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, - /// VolumeName is the binding reference to the PersistentVolume backing this claim. + /// volumeName is the binding reference to the PersistentVolume backing this claim. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2757,7 +3184,7 @@ pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecDataSource pub name: String, } -/// Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2769,7 +3196,7 @@ pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecDataSource pub name: String, } -/// Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +/// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -2780,7 +3207,7 @@ pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecResources pub requests: Option>, } -/// A label query over volumes to consider for binding. +/// selector is a label query over volumes to consider for binding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2803,46 +3230,46 @@ pub struct DatadogAgentOverrideVolumesEphemeralVolumeClaimTemplateSpecSelectorMa pub values: Option>, } -/// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +/// fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesFc { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: FC target lun number + /// lun is Optional: FC target lun number #[serde(default, skip_serializing_if = "Option::is_none")] pub lun: Option, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: FC target worldwide names (WWNs) + /// targetWWNs is Optional: FC target worldwide names (WWNs) #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetWWNs")] pub target_ww_ns: Option>, - /// Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + /// wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. #[serde(default, skip_serializing_if = "Option::is_none")] pub wwids: Option>, } -/// FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +/// flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesFlexVolume { - /// Driver is the name of the driver to use for this volume. + /// driver is the name of the driver to use for this volume. pub driver: String, - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Optional: Extra command options if any. + /// options is Optional: this field holds extra command options if any. #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, - /// Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + /// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, } -/// Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +/// secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesFlexVolumeSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2850,106 +3277,106 @@ pub struct DatadogAgentOverrideVolumesFlexVolumeSecretRef { pub name: Option, } -/// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +/// flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesFlocker { - /// Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + /// datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetName")] pub dataset_name: Option, - /// UUID of the dataset. This is unique identifier of a Flocker dataset + /// datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset #[serde(default, skip_serializing_if = "Option::is_none", rename = "datasetUUID")] pub dataset_uuid: Option, } -/// GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +/// gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesGcePersistentDisk { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, - /// Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(rename = "pdName")] pub pd_name: String, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +/// gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesGitRepo { - /// Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + /// directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. #[serde(default, skip_serializing_if = "Option::is_none")] pub directory: Option, - /// Repository URL + /// repository is the URL pub repository: String, - /// Commit hash for the specified revision. + /// revision is the commit hash for the specified revision. #[serde(default, skip_serializing_if = "Option::is_none")] pub revision: Option, } -/// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +/// glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesGlusterfs { - /// EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub endpoints: String, - /// Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod pub path: String, - /// ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + /// readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +/// hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesHostPath { - /// Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath pub path: String, - /// Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + /// type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } -/// ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +/// iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesIscsi { - /// whether support iSCSI Discovery CHAP authentication + /// chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthDiscovery")] pub chap_auth_discovery: Option, - /// whether support iSCSI Session CHAP authentication + /// chapAuthSession defines whether support iSCSI Session CHAP authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "chapAuthSession")] pub chap_auth_session: Option, - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + /// initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initiatorName")] pub initiator_name: Option, - /// Target iSCSI Qualified Name. + /// iqn is the target iSCSI Qualified Name. pub iqn: String, - /// iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + /// iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). #[serde(default, skip_serializing_if = "Option::is_none", rename = "iscsiInterface")] pub iscsi_interface: Option, - /// iSCSI Target Lun number. + /// lun represents iSCSI Target Lun number. pub lun: i32, - /// iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(default, skip_serializing_if = "Option::is_none")] pub portals: Option>, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// CHAP Secret for iSCSI target and initiator authentication + /// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + /// targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). #[serde(rename = "targetPortal")] pub target_portal: String, } -/// CHAP Secret for iSCSI target and initiator authentication +/// secretRef is the CHAP Secret for iSCSI target and initiator authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesIscsiSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -2957,61 +3384,61 @@ pub struct DatadogAgentOverrideVolumesIscsiSecretRef { pub name: Option, } -/// NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +/// nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesNfs { - /// Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub path: String, - /// ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + /// server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs pub server: String, } -/// PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +/// persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesPersistentVolumeClaim { - /// ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + /// claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims #[serde(rename = "claimName")] pub claim_name: String, - /// Will force the ReadOnly setting in VolumeMounts. Default false. + /// readOnly Will force the ReadOnly setting in VolumeMounts. Default false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, } -/// PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +/// photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesPhotonPersistentDisk { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// ID that identifies Photon Controller persistent disk + /// pdID is the ID that identifies Photon Controller persistent disk #[serde(rename = "pdID")] pub pd_id: String, } -/// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine +/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesPortworxVolume { - /// FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + /// fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// VolumeID uniquely identifies a Portworx volume + /// volumeID uniquely identifies a Portworx volume #[serde(rename = "volumeID")] pub volume_id: String, } -/// Items for all in one resources secrets, configmaps, and downward API +/// projected items for all in one resources secrets, configmaps, and downward API #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjected { - /// Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// list of volume projections + /// sources is the list of volume projections #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } @@ -3019,30 +3446,30 @@ pub struct DatadogAgentOverrideVolumesProjected { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSources { - /// information about the configMap data to project + /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, - /// information about the downwardAPI data to project + /// downwardAPI information about the downwardAPI data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "downwardAPI")] pub downward_api: Option, - /// information about the secret data to project + /// secret information about the secret data to project #[serde(default, skip_serializing_if = "Option::is_none")] pub secret: Option, - /// information about the serviceAccountToken data to project + /// serviceAccountToken is information about the serviceAccountToken data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountToken")] pub service_account_token: Option, } -/// information about the configMap data to project +/// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesConfigMap { - /// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the ConfigMap or its keys must be defined + /// optional specify whether the ConfigMap or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -3050,16 +3477,16 @@ pub struct DatadogAgentOverrideVolumesProjectedSourcesConfigMap { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesConfigMapItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the downwardAPI data to project +/// downwardAPI information about the downwardAPI data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesDownwardApi { /// Items is a list of DownwardAPIVolume file @@ -3107,16 +3534,16 @@ pub struct DatadogAgentOverrideVolumesProjectedSourcesDownwardApiItemsResourceFi pub resource: String, } -/// information about the secret data to project +/// secret information about the secret data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesSecret { - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Specify whether the Secret or its key must be defined + /// optional field specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -3124,77 +3551,77 @@ pub struct DatadogAgentOverrideVolumesProjectedSourcesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// information about the serviceAccountToken data to project +/// serviceAccountToken is information about the serviceAccountToken data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesProjectedSourcesServiceAccountToken { - /// Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + /// audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. #[serde(default, skip_serializing_if = "Option::is_none")] pub audience: Option, - /// ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + /// expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "expirationSeconds")] pub expiration_seconds: Option, - /// Path is the path relative to the mount point of the file to project the token into. + /// path is the path relative to the mount point of the file to project the token into. pub path: String, } -/// Quobyte represents a Quobyte mount on the host that shares a pod's lifetime +/// quobyte represents a Quobyte mount on the host that shares a pod's lifetime #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesQuobyte { - /// Group to map volume access to Default is no group + /// group to map volume access to Default is no group #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, - /// ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + /// readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + /// registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes pub registry: String, - /// Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + /// tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, - /// User to map volume access to Defaults to serivceaccount user + /// user to map volume access to Defaults to serivceaccount user #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, - /// Volume is a string that references an already created Quobyte volume by name. + /// volume is a string that references an already created Quobyte volume by name. pub volume: String, } -/// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +/// rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesRbd { - /// Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + /// fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub image: String, - /// Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub keyring: Option, - /// A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it pub monitors: Vec, - /// The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub pool: Option, - /// ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + /// user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[serde(default, skip_serializing_if = "Option::is_none")] pub user: Option, } -/// SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +/// secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesRbdSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -3202,40 +3629,40 @@ pub struct DatadogAgentOverrideVolumesRbdSecretRef { pub name: Option, } -/// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +/// scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesScaleIo { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// The host address of the ScaleIO API Gateway. + /// gateway is the host address of the ScaleIO API Gateway. pub gateway: String, - /// The name of the ScaleIO Protection Domain for the configured storage. + /// protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protectionDomain")] pub protection_domain: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + /// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[serde(rename = "secretRef")] pub secret_ref: DatadogAgentOverrideVolumesScaleIoSecretRef, - /// Flag to enable/disable SSL communication with Gateway, default false + /// sslEnabled Flag enable/disable SSL communication with Gateway, default false #[serde(default, skip_serializing_if = "Option::is_none", rename = "sslEnabled")] pub ssl_enabled: Option, - /// Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + /// storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageMode")] pub storage_mode: Option, - /// The ScaleIO Storage Pool associated with the protection domain. + /// storagePool is the ScaleIO Storage Pool associated with the protection domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePool")] pub storage_pool: Option, - /// The name of the storage system as configured in ScaleIO. + /// system is the name of the storage system as configured in ScaleIO. pub system: String, - /// The name of a volume already created in the ScaleIO system that is associated with this volume source. + /// volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, } -/// SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +/// secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesScaleIoSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -3243,19 +3670,19 @@ pub struct DatadogAgentOverrideVolumesScaleIoSecretRef { pub name: Option, } -/// Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +/// secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesSecret { - /// Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + /// items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. #[serde(default, skip_serializing_if = "Option::is_none")] pub items: Option>, - /// Specify whether the Secret or its keys must be defined + /// optional field specify whether the Secret or its keys must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, - /// Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + /// secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } @@ -3263,36 +3690,36 @@ pub struct DatadogAgentOverrideVolumesSecret { /// Maps a string key to a path within a volume. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesSecretItems { - /// The key to project. + /// key is the key to project. pub key: String, - /// Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, - /// The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. pub path: String, } -/// StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +/// storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesStorageos { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + /// readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, - /// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + /// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] pub secret_ref: Option, - /// VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + /// volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeName")] pub volume_name: Option, - /// VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + /// volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeNamespace")] pub volume_namespace: Option, } -/// SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +/// secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesStorageosSecretRef { /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? @@ -3300,19 +3727,19 @@ pub struct DatadogAgentOverrideVolumesStorageosSecretRef { pub name: Option, } -/// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +/// vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverrideVolumesVsphereVolume { - /// Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + /// fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, - /// Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + /// storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyID")] pub storage_policy_id: Option, - /// Storage Policy Based Management (SPBM) profile name. + /// storagePolicyName is the storage Policy Based Management (SPBM) profile name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "storagePolicyName")] pub storage_policy_name: Option, - /// Path that identifies vSphere volume vmdk + /// volumePath is the path that identifies vSphere volume vmdk #[serde(rename = "volumePath")] pub volume_path: String, } @@ -3335,6 +3762,9 @@ pub struct DatadogAgentStatus { /// Conditions Represents the latest available observations of a DatadogAgent's current state. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, + /// RemoteConfigConfiguration stores the configuration received from RemoteConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "remoteConfigConfiguration")] + pub remote_config_configuration: Option, } /// The combined actual state of all Agents as daemonsets or extended daemonsets. @@ -3475,3 +3905,1074 @@ pub struct DatadogAgentStatusClusterChecksRunner { pub updated_replicas: Option, } +/// RemoteConfigConfiguration stores the configuration received from RemoteConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfiguration { + /// DatadogFeatures are features running on the Agent and Cluster Agent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub features: Option, +} + +/// DatadogFeatures are features running on the Agent and Cluster Agent. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeatures { + /// AdmissionController configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "admissionController")] + pub admission_controller: Option, + /// APM (Application Performance Monitoring) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub apm: Option, + /// ASM (Application Security Management) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub asm: Option, + /// ClusterChecks configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterChecks")] + pub cluster_checks: Option, + /// CSPM (Cloud Security Posture Management) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cspm: Option, + /// CWS (Cloud Workload Security) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cws: Option, + /// Dogstatsd configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dogstatsd: Option, + /// EBPFCheck configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ebpfCheck")] + pub ebpf_check: Option, + /// EventCollection configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "eventCollection")] + pub event_collection: Option, + /// ExternalMetricsServer configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalMetricsServer")] + pub external_metrics_server: Option, + /// HelmCheck configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "helmCheck")] + pub helm_check: Option, + /// KubeStateMetricsCore check configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeStateMetricsCore")] + pub kube_state_metrics_core: Option, + /// LiveContainerCollection configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "liveContainerCollection")] + pub live_container_collection: Option, + /// LiveProcessCollection configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "liveProcessCollection")] + pub live_process_collection: Option, + /// LogCollection configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logCollection")] + pub log_collection: Option, + /// NPM (Network Performance Monitoring) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub npm: Option, + /// OOMKill configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oomKill")] + pub oom_kill: Option, + /// OrchestratorExplorer check configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "orchestratorExplorer")] + pub orchestrator_explorer: Option, + /// OTLP ingest configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub otlp: Option, + /// ProcessDiscovery configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "processDiscovery")] + pub process_discovery: Option, + /// PrometheusScrape configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusScrape")] + pub prometheus_scrape: Option, + /// Remote Configuration configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "remoteConfiguration")] + pub remote_configuration: Option, + /// SBOM collection configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sbom: Option, + /// TCPQueueLength configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpQueueLength")] + pub tcp_queue_length: Option, + /// USM (Universal Service Monitoring) configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub usm: Option, +} + +/// AdmissionController configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionController { + /// AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be "hostip", "service", or "socket". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentCommunicationMode")] + pub agent_communication_mode: Option, + /// AgentSidecarInjection contains Agent sidecar injection configurations. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "agentSidecarInjection")] + pub agent_sidecar_injection: Option, + /// CWSInstrumentation holds the CWS Instrumentation endpoint configuration + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cwsInstrumentation")] + pub cws_instrumentation: Option, + /// Enabled enables the Admission Controller. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// FailurePolicy determines how unrecognized and timeout errors are handled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] + pub failure_policy: Option, + /// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateUnlabelled")] + pub mutate_unlabelled: Option, + /// Registry defines an image registry for the admission controller. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub registry: Option, + /// ServiceName corresponds to the webhook service name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceName")] + pub service_name: Option, + /// WebhookName is a custom name for the MutatingWebhookConfiguration. Default: "datadog-webhook" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookName")] + pub webhook_name: Option, +} + +/// AgentSidecarInjection contains Agent sidecar injection configurations. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjection { + /// ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. Default : true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterAgentCommunicationEnabled")] + pub cluster_agent_communication_enabled: Option, + /// Enabled enables Sidecar injections. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Image overrides the default Agent image name and tag for the Agent sidecar. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// Profiles define the sidecar configuration override. Only one profile is supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub profiles: Option>, + /// Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. Currently only "fargate" is supported. To use the feature in other environments (including local testing) omit the config. See also: https://docs.datadoghq.com/integrations/eks_fargate + #[serde(default, skip_serializing_if = "Option::is_none")] + pub provider: Option, + /// Registry overrides the default registry for the sidecar Agent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub registry: Option, + /// Selectors define the pod selector for sidecar injection. Only one rule is supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selectors: Option>, +} + +/// Image overrides the default Agent image name and tag for the Agent sidecar. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionImage { + /// Define whether the Agent image should support JMX. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "jmxEnabled")] + pub jmx_enabled: Option, + /// Define the image to use: Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. Use "agent" with the registry and tag configurations for /agent:. Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, and `global.registry` values are ignored. Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; image string is created using default registry unless `global.registry` is configured. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The Kubernetes pull policy: Use Always, Never, or IfNotPresent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// It is possible to specify Docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullSecrets")] + pub pull_secrets: Option>, + /// Define the image tag to use. To be used if the Name field does not correspond to a full image string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, +} + +/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionImagePullSecrets { + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Profile defines a sidecar configuration override. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfiles { + /// EnvVars specifies the environment variables for the profile. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// ResourceRequirements specifies the resource requirements for the profile. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// ResourceRequirements specifies the resource requirements for the profile. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionProfilesResources { + /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// Selectors define a pod selector for sidecar injection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionSelectors { + /// NamespaceSelector specifies the label selector for namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// ObjectSelector specifies the label selector for objects. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectSelector")] + pub object_selector: Option, +} + +/// NamespaceSelector specifies the label selector for namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionSelectorsNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionSelectorsNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// ObjectSelector specifies the label selector for objects. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionSelectorsObjectSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerAgentSidecarInjectionSelectorsObjectSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// CWSInstrumentation holds the CWS Instrumentation endpoint configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAdmissionControllerCwsInstrumentation { + /// Enable the CWS Instrumentation admission controller endpoint. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Mode defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". Default: "remote_copy" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, +} + +/// APM (Application Performance Monitoring) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApm { + /// Enabled enables Application Performance Monitoring. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8126 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, + /// SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub instrumentation: Option, + /// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unixDomainSocketConfig")] + pub unix_domain_socket_config: Option, +} + +/// HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8126 +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApmHostPortConfig { + /// Enabled enables host port configuration Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, +} + +/// SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApmInstrumentation { + /// DisabledNamespaces disables injecting the Datadog APM libraries into pods in specific namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disabledNamespaces")] + pub disabled_namespaces: Option>, + /// Enabled enables injecting the Datadog APM libraries into all pods in the cluster. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// EnabledNamespaces enables injecting the Datadog APM libraries into pods in specific namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledNamespaces")] + pub enabled_namespaces: Option>, + /// LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. : ex: "java": "v1.18.0" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "libVersions")] + pub lib_versions: Option>, +} + +/// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/apm.socket` +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApmUnixDomainSocketConfig { + /// Enabled enables Unix Domain Socket. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Path defines the socket path used when enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// ASM (Application Security Management) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAsm { + /// IAST configures Interactive Application Security Testing. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub iast: Option, + /// SCA configures Software Composition Analysis. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sca: Option, + /// Threats configures ASM App & API Protection. Enabled Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub threats: Option, +} + +/// IAST configures Interactive Application Security Testing. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAsmIast { + /// Enabled enables Interactive Application Security Testing (IAST). Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// SCA configures Software Composition Analysis. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAsmSca { + /// Enabled enables Software Composition Analysis (SCA). Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// Threats configures ASM App & API Protection. Enabled Default: false +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesAsmThreats { + /// Enabled enables ASM App & API Protection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// ClusterChecks configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesClusterChecks { + /// Enables Cluster Checks scheduling in the Cluster Agent. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Enabled enables Cluster Checks Runners to run all Cluster Checks. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useClusterChecksRunners")] + pub use_cluster_checks_runners: Option, +} + +/// CSPM (Cloud Security Posture Management) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCspm { + /// CheckInterval defines the check interval. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkInterval")] + pub check_interval: Option, + /// CustomBenchmarks contains CSPM benchmarks. The content of the ConfigMap will be merged with the benchmarks bundled with the agent. Any benchmarks with the same name as those existing in the agent will take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customBenchmarks")] + pub custom_benchmarks: Option, + /// Enabled enables Cloud Security Posture Management. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// HostBenchmarks contains configuration for host benchmarks. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostBenchmarks")] + pub host_benchmarks: Option, +} + +/// CustomBenchmarks contains CSPM benchmarks. The content of the ConfigMap will be merged with the benchmarks bundled with the agent. Any benchmarks with the same name as those existing in the agent will take precedence. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCspmCustomBenchmarks { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, +} + +/// ConfigMap references an existing ConfigMap with the configuration file content. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCspmCustomBenchmarksConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name is the name of the ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCspmCustomBenchmarksConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// HostBenchmarks contains configuration for host benchmarks. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCspmHostBenchmarks { + /// Enabled enables host benchmarks. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// CWS (Cloud Workload Security) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCws { + /// CustomPolicies contains security policies. The content of the ConfigMap will be merged with the policies bundled with the agent. Any policies with the same name as those existing in the agent will take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customPolicies")] + pub custom_policies: Option, + /// Enabled enables Cloud Workload Security. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub network: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "remoteConfiguration")] + pub remote_configuration: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityProfiles")] + pub security_profiles: Option, + /// SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only). Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "syscallMonitorEnabled")] + pub syscall_monitor_enabled: Option, +} + +/// CustomPolicies contains security policies. The content of the ConfigMap will be merged with the policies bundled with the agent. Any policies with the same name as those existing in the agent will take precedence. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsCustomPolicies { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, +} + +/// ConfigMap references an existing ConfigMap with the configuration file content. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsCustomPoliciesConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name is the name of the ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsCustomPoliciesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsNetwork { + /// Enabled enables Cloud Workload Security Network detections. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsRemoteConfiguration { + /// Enabled enables Remote Configuration for Cloud Workload Security. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesCwsSecurityProfiles { + /// Enabled enables Security Profiles collection for Cloud Workload Security. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// Dogstatsd configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsd { + /// HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8125 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, + /// Configure the Dogstasd Mapper Profiles. Can be passed as raw data or via a json encoded string in a config map. See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mapperProfiles")] + pub mapper_profiles: Option, + /// OriginDetectionEnabled enables origin detection for container tagging. See also: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + #[serde(default, skip_serializing_if = "Option::is_none", rename = "originDetectionEnabled")] + pub origin_detection_enabled: Option, + /// TagCardinality configures tag cardinality for the metrics collected using origin detection (`low`, `orchestrator` or `high`). See also: https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables Cardinality default: low + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagCardinality")] + pub tag_cardinality: Option, + /// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/dsd.socket` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unixDomainSocketConfig")] + pub unix_domain_socket_config: Option, +} + +/// HostPortConfig contains host port configuration. Enabled Default: false Port Default: 8125 +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdHostPortConfig { + /// Enabled enables host port configuration Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, +} + +/// Configure the Dogstasd Mapper Profiles. Can be passed as raw data or via a json encoded string in a config map. See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/ +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdMapperProfiles { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, +} + +/// ConfigMap references an existing ConfigMap with the configuration file content. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdMapperProfilesConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name is the name of the ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdMapperProfilesConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// UnixDomainSocketConfig contains socket configuration. See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables Enabled Default: true Path Default: `/var/run/datadog/dsd.socket` +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdUnixDomainSocketConfig { + /// Enabled enables Unix Domain Socket. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Path defines the socket path used when enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub path: Option, +} + +/// EBPFCheck configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesEbpfCheck { + /// Enables the eBPF check. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// EventCollection configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesEventCollection { + /// CollectKubernetesEvents enables Kubernetes event collection. Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "collectKubernetesEvents")] + pub collect_kubernetes_events: Option, +} + +/// ExternalMetricsServer configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesExternalMetricsServer { + /// Enabled enables the External Metrics Server. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Override the API endpoint for the External Metrics Server. URL Default: "https://app.datadoghq.com". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, + /// Port specifies the metricsProvider External Metrics Server service port. Default: 8443 + #[serde(default, skip_serializing_if = "Option::is_none")] + pub port: Option, + /// RegisterAPIService registers the External Metrics endpoint as an APIService Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "registerAPIService")] + pub register_api_service: Option, + /// UseDatadogMetrics enables usage of the DatadogMetrics CRD (allowing one to scale on arbitrary Datadog metric queries). Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDatadogMetrics")] + pub use_datadog_metrics: Option, + /// WPAController enables the informer and controller of the Watermark Pod Autoscaler. NOTE: The Watermark Pod Autoscaler controller needs to be installed. See also: https://github.com/DataDog/watermarkpodautoscaler. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "wpaController")] + pub wpa_controller: Option, +} + +/// Override the API endpoint for the External Metrics Server. URL Default: "https://app.datadoghq.com". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesExternalMetricsServerEndpoint { + /// Credentials defines the Datadog credentials used to submit data to/query data from Datadog. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// URL defines the endpoint URL. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, +} + +/// Credentials defines the Datadog credentials used to submit data to/query data from Datadog. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesExternalMetricsServerEndpointCredentials { + /// APIKey configures your Datadog API key. See also: https://app.datadoghq.com/account/settings#agent/kubernetes + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// APISecret references an existing Secret which stores the API key instead of creating a new one. If set, this parameter takes precedence over "APIKey". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiSecret")] + pub api_secret: Option, + /// AppKey configures your Datadog application key. If you are using features.externalMetricsServer.enabled = true, you must set a Datadog application key for read access to your metrics. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appKey")] + pub app_key: Option, + /// AppSecret references an existing Secret which stores the application key instead of creating a new one. If set, this parameter takes precedence over "AppKey". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appSecret")] + pub app_secret: Option, +} + +/// APISecret references an existing Secret which stores the API key instead of creating a new one. If set, this parameter takes precedence over "APIKey". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesExternalMetricsServerEndpointCredentialsApiSecret { + /// KeyName is the key of the secret to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keyName")] + pub key_name: Option, + /// SecretName is the name of the secret. + #[serde(rename = "secretName")] + pub secret_name: String, +} + +/// AppSecret references an existing Secret which stores the application key instead of creating a new one. If set, this parameter takes precedence over "AppKey". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesExternalMetricsServerEndpointCredentialsAppSecret { + /// KeyName is the key of the secret to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keyName")] + pub key_name: Option, + /// SecretName is the name of the secret. + #[serde(rename = "secretName")] + pub secret_name: String, +} + +/// HelmCheck configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesHelmCheck { + /// CollectEvents set to `true` enables event collection in the Helm check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "collectEvents")] + pub collect_events: Option, + /// Enabled enables the Helm check. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// ValuesAsTags collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). Default: {} + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valuesAsTags")] + pub values_as_tags: Option>, +} + +/// KubeStateMetricsCore check configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesKubeStateMetricsCore { + /// Conf overrides the configuration for the default Kubernetes State Metrics Core check. This must point to a ConfigMap containing a valid cluster check configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conf: Option, + /// Enabled enables Kube State Metrics Core. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// Conf overrides the configuration for the default Kubernetes State Metrics Core check. This must point to a ConfigMap containing a valid cluster check configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesKubeStateMetricsCoreConf { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, +} + +/// ConfigMap references an existing ConfigMap with the configuration file content. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesKubeStateMetricsCoreConfConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name is the name of the ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesKubeStateMetricsCoreConfConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// LiveContainerCollection configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesLiveContainerCollection { + /// Enables container collection for the Live Container View. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// LiveProcessCollection configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesLiveProcessCollection { + /// Enabled enables Process monitoring. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrubProcessArguments")] + pub scrub_process_arguments: Option, + /// StripProcessArguments enables stripping of all process arguments. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "stripProcessArguments")] + pub strip_process_arguments: Option, +} + +/// LogCollection configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesLogCollection { + /// ContainerCollectAll enables Log collection from all containers. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerCollectAll")] + pub container_collect_all: Option, + /// ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerCollectUsingFiles")] + pub container_collect_using_files: Option, + /// ContainerLogsPath allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Default: `/var/lib/docker/containers` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerLogsPath")] + pub container_logs_path: Option, + /// ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod. Default: `/var/log/containers` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerSymlinksPath")] + pub container_symlinks_path: Option, + /// Enabled enables Log collection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails. Increasing this limit can increase resource consumption of the Agent. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default: 100 + #[serde(default, skip_serializing_if = "Option::is_none", rename = "openFilesLimit")] + pub open_files_limit: Option, + /// PodLogsPath allows log collection from a pod log path. Default: `/var/log/pods` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podLogsPath")] + pub pod_logs_path: Option, + /// TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files. If the Agent is restarted, it starts tailing the log files immediately. Default: `/var/lib/datadog-agent/logs` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tempStoragePath")] + pub temp_storage_path: Option, +} + +/// NPM (Network Performance Monitoring) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesNpm { + /// CollectDNSStats enables DNS stat collection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "collectDNSStats")] + pub collect_dns_stats: Option, + /// EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. See also: http://conntrack-tools.netfilter.org/ Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableConntrack")] + pub enable_conntrack: Option, + /// Enabled enables Network Performance Monitoring. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// OOMKill configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOomKill { + /// Enables the OOMKill eBPF-based check. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// OrchestratorExplorer check configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOrchestratorExplorer { + /// Conf overrides the configuration for the default Orchestrator Explorer check. This must point to a ConfigMap containing a valid cluster check configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conf: Option, + /// `CustomResources` defines custom resources for the orchestrator explorer to collect. Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customResources")] + pub custom_resources: Option>, + /// Override the API endpoint for the Orchestrator Explorer. URL Default: "https://orchestrator.datadoghq.com". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "ddUrl")] + pub dd_url: Option, + /// Enabled enables the Orchestrator Explorer. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Additional tags to associate with the collected data in the form of `a b c`. This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraTags")] + pub extra_tags: Option>, + /// ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc. ). Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrubContainers")] + pub scrub_containers: Option, +} + +/// Conf overrides the configuration for the default Orchestrator Explorer check. This must point to a ConfigMap containing a valid cluster check configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOrchestratorExplorerConf { + /// ConfigData corresponds to the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] + pub config_data: Option, + /// ConfigMap references an existing ConfigMap with the configuration file content. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] + pub config_map: Option, +} + +/// ConfigMap references an existing ConfigMap with the configuration file content. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOrchestratorExplorerConfConfigMap { + /// Items maps a ConfigMap data `key` to a file `path` mount. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub items: Option>, + /// Name is the name of the ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Maps a string key to a path within a volume. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOrchestratorExplorerConfConfigMapItems { + /// key is the key to project. + pub key: String, + /// mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + pub path: String, +} + +/// OTLP ingest configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlp { + /// Receiver contains configuration for the OTLP ingest receiver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub receiver: Option, +} + +/// Receiver contains configuration for the OTLP ingest receiver. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiver { + /// Protocols contains configuration for the OTLP ingest receiver protocols. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub protocols: Option, +} + +/// Protocols contains configuration for the OTLP ingest receiver protocols. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocols { + /// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub grpc: Option, + /// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, +} + +/// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsGrpc { + /// Enable the OTLP/gRPC endpoint. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Endpoint for OTLP/gRPC. gRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md The Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`). Default: `0.0.0.0:4317`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, +} + +/// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsHttp { + /// Enable the OTLP/HTTP endpoint. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Endpoint for OTLP/HTTP. Default: '0.0.0.0:4318'. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub endpoint: Option, +} + +/// ProcessDiscovery configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesProcessDiscovery { + /// Enabled enables the Process Discovery check in the Agent. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// PrometheusScrape configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesPrometheusScrape { + /// AdditionalConfigs allows adding advanced Prometheus check configurations with custom discovery rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalConfigs")] + pub additional_configs: Option, + /// EnableServiceEndpoints enables generating dedicated checks for service endpoints. Default: false + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableServiceEndpoints")] + pub enable_service_endpoints: Option, + /// Enable autodiscovery of pods and services exposing Prometheus metrics. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Version specifies the version of the OpenMetrics check. Default: 2 + #[serde(default, skip_serializing_if = "Option::is_none")] + pub version: Option, +} + +/// Remote Configuration configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesRemoteConfiguration { + /// Enable this option to activate Remote Configuration. Default: true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// SBOM collection configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesSbom { + /// SBOMTypeConfig contains configuration for a SBOM collection type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerImage")] + pub container_image: Option, + /// Enable this option to activate SBOM collection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// SBOMTypeConfig contains configuration for a SBOM collection type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub host: Option, +} + +/// SBOMTypeConfig contains configuration for a SBOM collection type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesSbomContainerImage { + /// Analyzers to use for SBOM collection. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub analyzers: Option>, + /// Enable this option to activate SBOM collection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// SBOMTypeConfig contains configuration for a SBOM collection type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesSbomHost { + /// Analyzers to use for SBOM collection. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub analyzers: Option>, + /// Enable this option to activate SBOM collection. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// TCPQueueLength configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesTcpQueueLength { + /// Enables the TCP queue length eBPF-based check. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + +/// USM (Universal Service Monitoring) configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesUsm { + /// Enabled enables Universal Service Monitoring. Default: false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, +} + diff --git a/kube-custom-resources-rs/src/executor_testkube_io/v1/webhooks.rs b/kube-custom-resources-rs/src/executor_testkube_io/v1/webhooks.rs index d507a247e..694d30be8 100644 --- a/kube-custom-resources-rs/src/executor_testkube_io/v1/webhooks.rs +++ b/kube-custom-resources-rs/src/executor_testkube_io/v1/webhooks.rs @@ -27,6 +27,9 @@ pub struct WebhookSpec { /// webhook headers (golang template supported) #[serde(default, skip_serializing_if = "Option::is_none")] pub headers: Option>, + /// OnStateChange will trigger the webhook only when the result of the current execution differs from the previous result of the same test/test suite/workflow + #[serde(default, skip_serializing_if = "Option::is_none", rename = "onStateChange")] + pub on_state_change: Option, /// will load the generated payload for notification inside the object #[serde(default, skip_serializing_if = "Option::is_none", rename = "payloadObjectField")] pub payload_object_field: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs index 8bd22658c..17e8d37a4 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs @@ -40,6 +40,9 @@ pub struct ClusterSecretStoreSpec { /// for a ClusterSecretStore instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreConditions { + /// Choose namespaces by using regex matching + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceRegexes")] + pub namespace_regexes: Option>, /// Choose namespace using a labelSelector #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs index 696980bb7..3397f3e0f 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs @@ -41,6 +41,9 @@ pub struct SecretStoreSpec { /// for a ClusterSecretStore instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreConditions { + /// Choose namespaces by using regex matching + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceRegexes")] + pub namespace_regexes: Option>, /// Choose namespace using a labelSelector #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs index 66f42e044..a877170ad 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs @@ -380,23 +380,23 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingAffinityPodAffinityPreferredD pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -501,23 +501,23 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingAffinityPodAffinityRequiredDu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -653,23 +653,23 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingAffinityPodAntiAffinityPrefer pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -774,23 +774,23 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingAffinityPodAntiAffinityRequir pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1510,23 +1510,23 @@ pub struct FlowCollectorConsolePluginAdvancedSchedulingAffinityPodAffinityPrefer pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1631,23 +1631,23 @@ pub struct FlowCollectorConsolePluginAdvancedSchedulingAffinityPodAffinityRequir pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1783,23 +1783,23 @@ pub struct FlowCollectorConsolePluginAdvancedSchedulingAffinityPodAntiAffinityPr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1904,23 +1904,23 @@ pub struct FlowCollectorConsolePluginAdvancedSchedulingAffinityPodAntiAffinityRe pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -3556,23 +3556,23 @@ pub struct FlowCollectorProcessorAdvancedSchedulingAffinityPodAffinityPreferredD pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -3677,23 +3677,23 @@ pub struct FlowCollectorProcessorAdvancedSchedulingAffinityPodAffinityRequiredDu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -3829,23 +3829,23 @@ pub struct FlowCollectorProcessorAdvancedSchedulingAffinityPodAntiAffinityPrefer pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -3950,23 +3950,23 @@ pub struct FlowCollectorProcessorAdvancedSchedulingAffinityPodAntiAffinityRequir pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs index 0ac2b6dc2..d9dcc446a 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterinputs.rs @@ -37,6 +37,9 @@ pub struct ClusterInputSpec { /// HTTP defines the HTTP input plugin configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub http: Option, + /// KubernetesEvents defines the KubernetesEvents input plugin configuration + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesEvents")] + pub kubernetes_events: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] pub log_level: Option, /// MQTT defines the MQTT input plugin configuration @@ -256,6 +259,59 @@ pub struct ClusterInputHttpTlsKeyPasswordValueFromSecretKeyRef { pub optional: Option, } +/// KubernetesEvents defines the KubernetesEvents input plugin configuration +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterInputKubernetesEvents { + /// Set a database file to keep track of recorded Kubernetes events + #[serde(default, skip_serializing_if = "Option::is_none")] + pub db: Option, + /// Set a database sync method. values: extra, full, normal and off + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dbSync")] + pub db_sync: Option, + /// Set the polling interval for each channel (sub seconds: nanoseconds). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "intervalNsec")] + pub interval_nsec: Option, + /// Set the polling interval for each channel. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "intervalSec")] + pub interval_sec: Option, + /// CA certificate file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeCAFile")] + pub kube_ca_file: Option, + /// Absolute path to scan for certificate files + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeCAPath")] + pub kube_ca_path: Option, + /// Kubernetes namespace to query events from. Gets events from all namespaces by default + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeNamespace")] + pub kube_namespace: Option, + /// kubernetes limit parameter for events query, no limit applied when set to 0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeRequestLimit")] + pub kube_request_limit: Option, + /// Kubernetes retention time for events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeRetentionTime")] + pub kube_retention_time: Option, + /// Token file + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeTokenFile")] + pub kube_token_file: Option, + /// configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeTokenTTL")] + pub kube_token_ttl: Option, + /// API Server end-point + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeURL")] + pub kube_url: Option, + /// Tag name associated to all records comming from this plugin. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tag: Option, + /// Debug level between 0 (nothing) and 4 (every detail). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsDebug")] + pub tls_debug: Option, + /// When enabled, turns on certificate validation when connecting to the Kubernetes API server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsVerify")] + pub tls_verify: Option, + /// Set optional TLS virtual host. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsVhost")] + pub tls_vhost: Option, +} + /// InputSpec defines the desired state of ClusterInput #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ClusterInputLogLevel { diff --git a/kube-custom-resources-rs/src/flux_framework_org/v1alpha2/miniclusters.rs b/kube-custom-resources-rs/src/flux_framework_org/v1alpha2/miniclusters.rs index 6bddae7e6..19e30629b 100644 --- a/kube-custom-resources-rs/src/flux_framework_org/v1alpha2/miniclusters.rs +++ b/kube-custom-resources-rs/src/flux_framework_org/v1alpha2/miniclusters.rs @@ -241,6 +241,11 @@ pub struct MiniClusterContainersVolumes { /// You should also define items if you are using this #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapName")] pub config_map_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Add an empty directory custom type + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDirMedium")] + pub empty_dir_medium: Option, /// An existing hostPath to bind to path #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, @@ -640,6 +645,11 @@ pub struct MiniClusterServicesVolumes { /// You should also define items if you are using this #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapName")] pub config_map_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDir")] + pub empty_dir: Option, + /// Add an empty directory custom type + #[serde(default, skip_serializing_if = "Option::is_none", rename = "emptyDirMedium")] + pub empty_dir_medium: Option, /// An existing hostPath to bind to path #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs index 1f63ef815..c96b7ab40 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs @@ -147,6 +147,9 @@ pub struct MigrationStatusVms { /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, + /// The Operating System detected by virt-v2v. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "operatingSystem")] + pub operating_system: Option, /// Phase pub phase: String, /// Migration pipeline. @@ -154,6 +157,9 @@ pub struct MigrationStatusVms { /// Source VM power state before migration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "restorePowerState")] pub restore_power_state: Option, + /// Choose the primary disk the VM boots from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootDisk")] + pub root_disk: Option, /// Started timestamp. #[serde(default, skip_serializing_if = "Option::is_none")] pub started: Option, diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs index 2d9fcbe90..6f267a193 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs @@ -280,6 +280,9 @@ pub struct PlanVms { /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, + /// Choose the primary disk the VM boots from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootDisk")] + pub root_disk: Option, /// Type used to qualify the name. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -542,6 +545,9 @@ pub struct PlanStatusMigrationVms { /// Only relevant for an openshift source. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, + /// The Operating System detected by virt-v2v. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "operatingSystem")] + pub operating_system: Option, /// Phase pub phase: String, /// Migration pipeline. @@ -549,6 +555,9 @@ pub struct PlanStatusMigrationVms { /// Source VM power state before migration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "restorePowerState")] pub restore_power_state: Option, + /// Choose the primary disk the VM boots from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rootDisk")] + pub root_disk: Option, /// Started timestamp. #[serde(default, skip_serializing_if = "Option::is_none")] pub started: Option, diff --git a/kube-custom-resources-rs/src/gitops_hybrid_cloud_patterns_io/v1alpha1/patterns.rs b/kube-custom-resources-rs/src/gitops_hybrid_cloud_patterns_io/v1alpha1/patterns.rs index 1834e2552..d995ff44f 100644 --- a/kube-custom-resources-rs/src/gitops_hybrid_cloud_patterns_io/v1alpha1/patterns.rs +++ b/kube-custom-resources-rs/src/gitops_hybrid_cloud_patterns_io/v1alpha1/patterns.rs @@ -59,18 +59,22 @@ pub struct PatternGitSpec { /// Optional. FQDN of the git server if automatic parsing from TargetRepo is broken #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, - /// Upstream git repo containing the pattern to deploy. Used when in-cluster fork to point to the upstream pattern repository + /// Enable in-cluster git server (avoids the need of forking the upstream repository) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "inClusterGitServer")] + pub in_cluster_git_server: Option, + /// Upstream git repo containing the pattern to deploy. Used when in-cluster fork to point to the upstream pattern repository. + /// Takes precedence over TargetRepo #[serde(default, skip_serializing_if = "Option::is_none", rename = "originRepo")] pub origin_repo: Option, - /// Branch, tag or commit in the upstream git repository. Does not support short-sha's. Default to HEAD + /// (DEPRECATED) Branch, tag or commit in the upstream git repository. Does not support short-sha's. Default to HEAD #[serde(default, skip_serializing_if = "Option::is_none", rename = "originRevision")] pub origin_revision: Option, /// Interval in seconds to poll for drifts between origin and target repositories. Default: 180 seconds #[serde(default, skip_serializing_if = "Option::is_none", rename = "pollInterval")] pub poll_interval: Option, /// Git repo containing the pattern to deploy. Must use https/http or, for ssh, git@server:foo/bar.git - #[serde(rename = "targetRepo")] - pub target_repo: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRepo")] + pub target_repo: Option, /// Branch, tag, or commit to deploy. Does not support short-sha's. Default: HEAD #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetRevision")] pub target_revision: Option, diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs index c93b31819..18e7df84f 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs @@ -10,6 +10,7 @@ mod prelude { } use self::prelude::*; +/// GrafanaDashboardSpec defines the desired state of GrafanaDashboard #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "grafana.integreatly.org", version = "v1beta1", kind = "GrafanaDashboard", plural = "grafanadashboards")] #[kube(namespaced)] @@ -18,45 +19,71 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaDashboardSpec { + /// allow to import this resources from an operator in a different namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, + /// dashboard from configmap #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRef")] pub config_map_ref: Option, + /// Cache duration for dashboards fetched from URLs #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentCacheDuration")] pub content_cache_duration: Option, + /// maps required data sources to existing ones #[serde(default, skip_serializing_if = "Option::is_none")] pub datasources: Option>, + /// environments variables from secrets or config maps #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, + /// environments variables as a map #[serde(default, skip_serializing_if = "Option::is_none")] pub envs: Option>, + /// folder assignment for dashboard #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, + /// grafana.com/dashboards #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaCom")] pub grafana_com: Option, + /// GzipJson the dashboard's JSON compressed with Gzip. Base64-encoded when in YAML. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gzipJson")] pub gzip_json: Option, + /// selects Grafanas for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaDashboardInstanceSelector, + /// dashboard json #[serde(default, skip_serializing_if = "Option::is_none")] pub json: Option, + /// Jsonnet #[serde(default, skip_serializing_if = "Option::is_none")] pub jsonnet: Option, + /// Jsonnet project build #[serde(default, skip_serializing_if = "Option::is_none", rename = "jsonnetLib")] pub jsonnet_lib: Option, + /// plugins #[serde(default, skip_serializing_if = "Option::is_none")] pub plugins: Option>, + /// how often the dashboard is refreshed, defaults to 5m if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, + /// dashboard url #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, } +/// dashboard from configmap #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardConfigMapRef { + /// The key to select. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the ConfigMap or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -71,26 +98,48 @@ pub struct GrafanaDashboardDatasources { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvFrom { + /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, + /// Selects a key of a Secret. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] pub secret_key_ref: Option, } +/// Selects a key of a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvFromConfigMapKeyRef { + /// The key to select. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the ConfigMap or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } +/// Selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } @@ -98,38 +147,64 @@ pub struct GrafanaDashboardEnvFromSecretKeyRef { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvs { pub name: String, + /// Inline evn value #[serde(default, skip_serializing_if = "Option::is_none")] pub value: Option, + /// Reference on value source, might be the reference on a secret or config map #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] pub value_from: Option, } +/// Reference on value source, might be the reference on a secret or config map #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvsValueFrom { + /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, + /// Selects a key of a Secret. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] pub secret_key_ref: Option, } +/// Selects a key of a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvsValueFromConfigMapKeyRef { + /// The key to select. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the ConfigMap or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } +/// Selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardEnvsValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } +/// grafana.com/dashboards #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardGrafanaCom { pub id: i64, @@ -137,22 +212,37 @@ pub struct GrafanaDashboardGrafanaCom { pub revision: Option, } +/// selects Grafanas for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardInstanceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardInstanceSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } +/// Jsonnet project build #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardJsonnetLib { #[serde(rename = "fileName")] @@ -169,8 +259,10 @@ pub struct GrafanaDashboardPlugins { pub version: String, } +/// GrafanaDashboardStatus defines the observed state of GrafanaDashboard #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardStatus { + /// The dashboard instanceSelector can't find matching grafana instances #[serde(default, skip_serializing_if = "Option::is_none", rename = "NoMatchingInstances")] pub no_matching_instances: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentCache")] @@ -181,6 +273,7 @@ pub struct GrafanaDashboardStatus { pub content_url: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub hash: Option, + /// Last time the dashboard was resynced #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastResync")] pub last_resync: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs index e060af09c..8eba9d099 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs @@ -10,6 +10,7 @@ mod prelude { } use self::prelude::*; +/// GrafanaDatasourceSpec defines the desired state of GrafanaDatasource #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "grafana.integreatly.org", version = "v1beta1", kind = "GrafanaDatasource", plural = "grafanadatasources")] #[kube(namespaced)] @@ -18,15 +19,20 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaDatasourceSpec { + /// allow to import this resources from an operator in a different namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, pub datasource: GrafanaDatasourceDatasource, + /// selects Grafana instances for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaDatasourceInstanceSelector, + /// plugins #[serde(default, skip_serializing_if = "Option::is_none")] pub plugins: Option>, + /// how often the datasource is refreshed, defaults to 5m if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, + /// environments variables from secrets or config maps #[serde(default, skip_serializing_if = "Option::is_none", rename = "valuesFrom")] pub values_from: Option>, } @@ -41,6 +47,7 @@ pub struct GrafanaDatasourceDatasource { pub basic_auth_user: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, + /// Deprecated field, it has no effect #[serde(default, skip_serializing_if = "Option::is_none")] pub editable: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "isDefault")] @@ -49,6 +56,7 @@ pub struct GrafanaDatasourceDatasource { pub json_data: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Deprecated field, it has no effect #[serde(default, skip_serializing_if = "Option::is_none", rename = "orgId")] pub org_id: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "secureJsonData")] @@ -63,18 +71,32 @@ pub struct GrafanaDatasourceDatasource { pub user: Option, } +/// selects Grafana instances for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceInstanceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceInstanceSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -95,38 +117,63 @@ pub struct GrafanaDatasourceValuesFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceValuesFromValueFrom { + /// Selects a key of a ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] pub config_map_key_ref: Option, + /// Selects a key of a Secret. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] pub secret_key_ref: Option, } +/// Selects a key of a ConfigMap. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceValuesFromValueFromConfigMapKeyRef { + /// The key to select. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the ConfigMap or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } +/// Selects a key of a Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceValuesFromValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// Specify whether the Secret or its key must be defined #[serde(default, skip_serializing_if = "Option::is_none")] pub optional: Option, } +/// GrafanaDatasourceStatus defines the observed state of GrafanaDatasource #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceStatus { + /// The datasource instanceSelector can't find matching grafana instances #[serde(default, skip_serializing_if = "Option::is_none", rename = "NoMatchingInstances")] pub no_matching_instances: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub hash: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastMessage")] pub last_message: Option, + /// Last time the datasource was resynced #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastResync")] pub last_resync: Option, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs index 98574b408..925ced2ad 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs @@ -10,6 +10,7 @@ mod prelude { } use self::prelude::*; +/// GrafanaFolderSpec defines the desired state of GrafanaFolder #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "grafana.integreatly.org", version = "v1beta1", kind = "GrafanaFolder", plural = "grafanafolders")] #[kube(namespaced)] @@ -18,40 +19,63 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaFolderSpec { + /// allow to import this resources from an operator in a different namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, + /// selects Grafanas for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaFolderInstanceSelector, + /// raw json with folder permissions #[serde(default, skip_serializing_if = "Option::is_none")] pub permissions: Option, + /// how often the folder is synced, defaults to 5m if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub title: Option, } +/// selects Grafanas for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaFolderInstanceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaFolderInstanceSelectorMatchExpressions { + /// key is the label key that the selector applies to. pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } +/// GrafanaFolderStatus defines the observed state of GrafanaFolder #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaFolderStatus { + /// The folder instanceSelector can't find matching grafana instances #[serde(default, skip_serializing_if = "Option::is_none", rename = "NoMatchingInstances")] pub no_matching_instances: Option, + /// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + /// Important: Run "make" to regenerate code after modifying this file #[serde(default, skip_serializing_if = "Option::is_none")] pub hash: Option, + /// Last time the folder was resynced #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastResync")] pub last_resync: Option, } diff --git a/kube-custom-resources-rs/src/hive_openshift_io/v1/hiveconfigs.rs b/kube-custom-resources-rs/src/hive_openshift_io/v1/hiveconfigs.rs index 0e45869f7..a5c8cb93c 100644 --- a/kube-custom-resources-rs/src/hive_openshift_io/v1/hiveconfigs.rs +++ b/kube-custom-resources-rs/src/hive_openshift_io/v1/hiveconfigs.rs @@ -62,6 +62,9 @@ pub struct HiveConfigSpec { /// LogLevel is the level of logging to use for the Hive controllers. Acceptable levels, from coarsest to finest, are panic, fatal, error, warn, info, debug, and trace. The default level is info. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logLevel")] pub log_level: Option, + /// MachinePoolPollInterval is a string duration indicating how much time must pass before checking whether remote resources related to MachinePools need to be reapplied. Set to zero to disable polling -- we'll only reconcile when hub objects change. The default interval is 30m. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "machinePoolPollInterval")] + pub machine_pool_poll_interval: Option, /// MaintenanceMode can be set to true to disable the hive controllers in situations where we need to ensure nothing is running that will add or act upon finalizers on Hive types. This should rarely be needed. Sets replicas to 0 for the hive-controllers deployment to accomplish this. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maintenanceMode")] pub maintenance_mode: Option, diff --git a/kube-custom-resources-rs/src/k8gb_absa_oss/v1beta1/gslbs.rs b/kube-custom-resources-rs/src/k8gb_absa_oss/v1beta1/gslbs.rs index 504d34957..143446626 100644 --- a/kube-custom-resources-rs/src/k8gb_absa_oss/v1beta1/gslbs.rs +++ b/kube-custom-resources-rs/src/k8gb_absa_oss/v1beta1/gslbs.rs @@ -28,35 +28,64 @@ pub struct GslbSpec { /// Gslb-enabled Ingress Spec #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngress { - /// A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default. + /// A default backend capable of servicing requests that don't match any + /// rule. At least one of 'backend' or 'rules' must be specified. This field + /// is optional to allow the loadbalancer controller or defaulting logic to + /// specify a global default. #[serde(default, skip_serializing_if = "Option::is_none")] pub backend: Option, - /// IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation. + /// IngressClassName is the name of the IngressClass cluster resource. The + /// associated IngressClass defines which controller will implement the + /// resource. This replaces the deprecated `kubernetes.io/ingress.class` + /// annotation. For backwards compatibility, when that annotation is set, it + /// must be given precedence over this field. The controller may emit a + /// warning if the field and annotation have different values. + /// Implementations of this API should ignore Ingresses without a class + /// specified. An IngressClass resource may be marked as default, which can + /// be used to set a default value for this field. For more information, + /// refer to the IngressClass documentation. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressClassName")] pub ingress_class_name: Option, - /// A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. + /// A list of host rules used to configure the Ingress. If unspecified, or + /// no rule matches, all traffic is sent to the default backend. #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, - /// TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. + /// TLS configuration. Currently the Ingress only supports a single TLS + /// port, 443. If multiple members of this list specify different hosts, they + /// will be multiplexed on the same port according to the hostname specified + /// through the SNI TLS extension, if the ingress controller fulfilling the + /// ingress supports SNI. #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option>, } -/// A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default. +/// A default backend capable of servicing requests that don't match any +/// rule. At least one of 'backend' or 'rules' must be specified. This field +/// is optional to allow the loadbalancer controller or defaulting logic to +/// specify a global default. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// Resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// Service references a Service as a Backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// Resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -65,73 +94,140 @@ pub struct GslbIngressBackendResource { pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// Service references a Service as a Backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// Name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// Port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// Port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// Name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// Number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } -/// IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue. +/// IngressRule represents the rules mapping the paths under a specified host to +/// the related backend services. Incoming requests are first evaluated for a host +/// match, then routed to the backend associated with the matching IngressRuleValue. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRules { - /// Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. - /// Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. + /// Host is the fully qualified domain name of a network host, as defined by RFC 3986. + /// Note the following deviations from the "host" part of the + /// URI as defined in RFC 3986: + /// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + /// the IP in the Spec of the parent Ingress. + /// 2. The `:` delimiter is not respected because ports are not allowed. + /// Currently the port of an Ingress is implicitly :80 for http and + /// :443 for https. + /// Both these may change in the future. + /// Incoming requests are matched against the host before the + /// IngressRuleValue. If the host is unspecified, the Ingress routes all + /// traffic based on the specified IngressRuleValue. + /// + /// + /// Host can be "precise" which is a domain name without the terminating dot of + /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + /// prefixed with a single wildcard label (e.g. "*.foo.com"). + /// The wildcard character '*' must appear by itself as the first DNS label and + /// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + /// Requests will be matched against the Host field in the following way: + /// 1. If Host is precise, the request matches this rule if the http host header is equal to Host. + /// 2. If Host is a wildcard, then the request matches this rule if the http host header + /// is to equal to the suffix (removing the first label) of the wildcard rule. #[serde(default, skip_serializing_if = "Option::is_none")] pub host: Option, - /// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. + /// HTTPIngressRuleValue is a list of http selectors + /// pointing to backends. In the example: http:///? + /// -> backend where where parts of the url correspond to + /// RFC 3986, this resource will be used to match against + /// everything after the last '/' and before the first '?' + /// or '#'. pub http: GslbIngressRulesHttp, } -/// HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http:///? -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'. +/// HTTPIngressRuleValue is a list of http selectors +/// pointing to backends. In the example: http:///? +/// -> backend where where parts of the url correspond to +/// RFC 3986, this resource will be used to match against +/// everything after the last '/' and before the first '?' +/// or '#'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttp { /// A collection of paths that map requests to backends. pub paths: Vec, } -/// HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend. +/// HTTPIngressPath associates a path with a backend. Incoming urls matching the +/// path are forwarded to the backend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttpPaths { - /// Backend defines the referenced service endpoint to which the traffic will be forwarded to. + /// Backend defines the referenced service endpoint to which the traffic + /// will be forwarded to. pub backend: GslbIngressRulesHttpPathsBackend, - /// Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". + /// Path is matched against the path of an incoming request. Currently it can + /// contain characters disallowed from the conventional "path" part of a URL + /// as defined by RFC 3986. Paths must begin with a '/' and must be present + /// when using PathType with value "Exact" or "Prefix". #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. + /// PathType determines the interpretation of the Path matching. PathType can + /// be one of the following values: + /// * Exact: Matches the URL path exactly. + /// * Prefix: Matches based on a URL path prefix split by '/'. Matching is + /// done on a path element by element basis. A path element refers is the + /// list of labels in the path split by the '/' separator. A request is a + /// match for path p if every p is an element-wise prefix of p of the + /// request path. Note that if the last element of the path is a substring + /// of the last element in request path, it is not a match (e.g. /foo/bar + /// matches /foo/bar/baz, but does not match /foo/barbaz). + /// * ImplementationSpecific: Interpretation of the Path matching is up to + /// the IngressClass. Implementations can treat this as a separate PathType + /// or treat it identically to Prefix or Exact path types. + /// Implementations are required to support all path types. #[serde(rename = "pathType")] pub path_type: String, } -/// Backend defines the referenced service endpoint to which the traffic will be forwarded to. +/// Backend defines the referenced service endpoint to which the traffic +/// will be forwarded to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttpPathsBackend { - /// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". + /// Resource is an ObjectRef to another Kubernetes resource in the namespace + /// of the Ingress object. If resource is specified, a service.Name and + /// service.Port must not be specified. + /// This is a mutually exclusive setting with "Service". #[serde(default, skip_serializing_if = "Option::is_none")] pub resource: Option, - /// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". + /// Service references a Service as a Backend. + /// This is a mutually exclusive setting with "Resource". #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, } -/// Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service". +/// Resource is an ObjectRef to another Kubernetes resource in the namespace +/// of the Ingress object. If resource is specified, a service.Name and +/// service.Port must not be specified. +/// This is a mutually exclusive setting with "Service". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttpPathsBackendResource { - /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, /// Kind is the type of resource being referenced @@ -140,23 +236,29 @@ pub struct GslbIngressRulesHttpPathsBackendResource { pub name: String, } -/// Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". +/// Service references a Service as a Backend. +/// This is a mutually exclusive setting with "Resource". #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttpPathsBackendService { - /// Name is the referenced service. The service must exist in the same namespace as the Ingress object. + /// Name is the referenced service. The service must exist in + /// the same namespace as the Ingress object. pub name: String, - /// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. + /// Port of the referenced service. A port name or port number + /// is required for a IngressServiceBackend. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, } -/// Port of the referenced service. A port name or port number is required for a IngressServiceBackend. +/// Port of the referenced service. A port name or port number +/// is required for a IngressServiceBackend. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressRulesHttpPathsBackendServicePort { - /// Name is the name of the port on the Service. This is a mutually exclusive setting with "Number". + /// Name is the name of the port on the Service. + /// This is a mutually exclusive setting with "Number". #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". + /// Number is the numerical port number (e.g. 80) on the Service. + /// This is a mutually exclusive setting with "Name". #[serde(default, skip_serializing_if = "Option::is_none")] pub number: Option, } @@ -164,10 +266,17 @@ pub struct GslbIngressRulesHttpPathsBackendServicePort { /// IngressTLS describes the transport layer security associated with an Ingress. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GslbIngressTls { - /// Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. + /// Hosts are a list of hosts included in the TLS certificate. The values in + /// this list must match the name/s used in the tlsSecret. Defaults to the + /// wildcard host setting for the loadbalancer controller fulfilling this + /// Ingress, if left unspecified. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option>, - /// SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. + /// SecretName is the name of the secret used to terminate TLS traffic on + /// port 443. Field is left optional to allow TLS routing based on SNI + /// hostname alone. If the SNI host in a listener conflicts with the "Host" + /// header field used by an IngressRule, the SNI host is used for termination + /// and value of the Host header is used for routing. #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretName")] pub secret_name: Option, } diff --git a/kube-custom-resources-rs/src/k8s_nginx_org/v1/policies.rs b/kube-custom-resources-rs/src/k8s_nginx_org/v1/policies.rs index 556984c0a..708fa20dd 100644 --- a/kube-custom-resources-rs/src/k8s_nginx_org/v1/policies.rs +++ b/kube-custom-resources-rs/src/k8s_nginx_org/v1/policies.rs @@ -23,6 +23,9 @@ pub struct PolicySpec { /// AccessControl defines an access policy based on the source IP of a request. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessControl")] pub access_control: Option, + /// APIKey defines an API Key policy. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, /// BasicAuth holds HTTP Basic authentication configuration /// policy status: preview #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] @@ -58,6 +61,25 @@ pub struct PolicyAccessControl { pub deny: Option>, } +/// APIKey defines an API Key policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyApiKey { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecret")] + pub client_secret: Option, + /// SuppliedIn defines the locations API Key should be supplied in. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "suppliedIn")] + pub supplied_in: Option, +} + +/// SuppliedIn defines the locations API Key should be supplied in. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PolicyApiKeySuppliedIn { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub header: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub query: Option>, +} + /// BasicAuth holds HTTP Basic authentication configuration /// policy status: preview #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/admissionchecks.rs b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/admissionchecks.rs index 401d93b48..f9fa89442 100644 --- a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/admissionchecks.rs +++ b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/admissionchecks.rs @@ -18,23 +18,24 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct AdmissionCheckSpec { - /// controllerName is name of the controller which will actually perform - /// the checks. This is the name with which controller identifies with, - /// not necessarily a K8S Pod or Deployment name. Cannot be empty. + /// controllerName identifies the controller that processes the AdmissionCheck, + /// not necessarily a Kubernetes Pod or Deployment name. Cannot be empty. #[serde(rename = "controllerName")] pub controller_name: String, - /// Parameters identifies the resource providing additional check parameters. + /// Parameters identifies a configuration with additional parameters for the + /// check. #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option, - /// RetryDelayMinutes specifies how long to keep the workload suspended - /// after a failed check (after it transitioned to False). - /// After that the check state goes to "Unknown". + /// RetryDelayMinutes **deprecated** specifies how long to keep the workload suspended after + /// a failed check (after it transitioned to False). When the delay period has passed, the check + /// state goes to "Unknown". The default is 15 min. /// The default is 15 min. #[serde(default, skip_serializing_if = "Option::is_none", rename = "retryDelayMinutes")] pub retry_delay_minutes: Option, } -/// Parameters identifies the resource providing additional check parameters. +/// Parameters identifies a configuration with additional parameters for the +/// check. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdmissionCheckParameters { /// ApiGroup is the group for the resource being referenced. diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index 5345897ee..d7fd060c8 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -34,10 +34,7 @@ pub struct ClusterPolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, - /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. - /// Rules within the same policy share the same failure behavior. - /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. - /// Allowed values are Ignore or Fail. Defaults to Fail. + /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, /// Deprecated, use generateExisting under the generate rule instead @@ -46,8 +43,7 @@ pub struct ClusterPolicySpec { /// Deprecated, use generateExisting instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExistingOnPolicyUpdate")] pub generate_existing_on_policy_update: Option, - /// MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events. - /// Default value is "false". + /// Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] pub mutate_existing_on_policy_update: Option, /// Rules is a list of Rule instances. A Policy contains multiple rules and @@ -73,12 +69,9 @@ pub struct ClusterPolicySpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] pub validation_failure_action_overrides: Option>, /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. - /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookConfiguration")] pub webhook_configuration: Option, - /// WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. - /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, - /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + /// Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookTimeoutSeconds")] pub webhook_timeout_seconds: Option, } @@ -1395,6 +1388,9 @@ pub struct ClusterPolicyRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -2947,6 +2943,10 @@ pub struct ClusterPolicyRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -3679,12 +3679,30 @@ pub struct ClusterPolicyValidationFailureActionOverridesNamespaceSelectorMatchEx } /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. -/// Requires Kubernetes 1.27 or later. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyWebhookConfiguration { + /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. + /// Rules within the same policy share the same failure behavior. + /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. + /// Allowed values are Ignore or Fail. Defaults to Fail. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] + pub failure_policy: Option, /// MatchCondition configures admission webhook matchConditions. + /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchConditions")] pub match_conditions: Option>, + /// TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. + /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, + /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyWebhookConfigurationFailurePolicy { + Ignore, + Fail, } /// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -5044,6 +5062,9 @@ pub struct ClusterPolicyStatusAutogenRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -6596,6 +6617,10 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index 07a8d8c0c..92daac449 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs @@ -35,10 +35,7 @@ pub struct PolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, - /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. - /// Rules within the same policy share the same failure behavior. - /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. - /// Allowed values are Ignore or Fail. Defaults to Fail. + /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, /// Deprecated, use generateExisting under the generate rule instead @@ -47,8 +44,7 @@ pub struct PolicySpec { /// Deprecated, use generateExisting instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExistingOnPolicyUpdate")] pub generate_existing_on_policy_update: Option, - /// MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events. - /// Default value is "false". + /// Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] pub mutate_existing_on_policy_update: Option, /// Rules is a list of Rule instances. A Policy contains multiple rules and @@ -74,12 +70,9 @@ pub struct PolicySpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] pub validation_failure_action_overrides: Option>, /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. - /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookConfiguration")] pub webhook_configuration: Option, - /// WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. - /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, - /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + /// Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookTimeoutSeconds")] pub webhook_timeout_seconds: Option, } @@ -1396,6 +1389,9 @@ pub struct PolicyRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -2948,6 +2944,10 @@ pub struct PolicyRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -3680,12 +3680,30 @@ pub struct PolicyValidationFailureActionOverridesNamespaceSelectorMatchExpressio } /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. -/// Requires Kubernetes 1.27 or later. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyWebhookConfiguration { + /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. + /// Rules within the same policy share the same failure behavior. + /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. + /// Allowed values are Ignore or Fail. Defaults to Fail. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] + pub failure_policy: Option, /// MatchCondition configures admission webhook matchConditions. + /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchConditions")] pub match_conditions: Option>, + /// TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. + /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, + /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyWebhookConfigurationFailurePolicy { + Ignore, + Fail, } /// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -5045,6 +5063,9 @@ pub struct PolicyStatusAutogenRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -6597,6 +6618,10 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index 4c52aff20..14584884f 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs @@ -34,9 +34,7 @@ pub struct ClusterPolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, - /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. - /// Rules within the same policy share the same failure behavior. - /// Allowed values are Ignore or Fail. Defaults to Fail. + /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, /// Deprecated, use generateExisting under the generate rule instead @@ -45,8 +43,7 @@ pub struct ClusterPolicySpec { /// Deprecated, use generateExisting instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExistingOnPolicyUpdate")] pub generate_existing_on_policy_update: Option, - /// MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events. - /// Default value is "false". + /// Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] pub mutate_existing_on_policy_update: Option, /// Rules is a list of Rule instances. A Policy contains multiple rules and @@ -72,12 +69,9 @@ pub struct ClusterPolicySpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] pub validation_failure_action_overrides: Option>, /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. - /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookConfiguration")] pub webhook_configuration: Option, - /// WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. - /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, - /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + /// Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookTimeoutSeconds")] pub webhook_timeout_seconds: Option, } @@ -1098,6 +1092,9 @@ pub struct ClusterPolicyRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -3548,12 +3545,30 @@ pub struct ClusterPolicyValidationFailureActionOverridesNamespaceSelectorMatchEx } /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. -/// Requires Kubernetes 1.27 or later. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPolicyWebhookConfiguration { + /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. + /// Rules within the same policy share the same failure behavior. + /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. + /// Allowed values are Ignore or Fail. Defaults to Fail. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] + pub failure_policy: Option, /// MatchCondition configures admission webhook matchConditions. + /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchConditions")] pub match_conditions: Option>, + /// TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. + /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, + /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterPolicyWebhookConfigurationFailurePolicy { + Ignore, + Fail, } /// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -4913,6 +4928,9 @@ pub struct ClusterPolicyStatusAutogenRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -6465,6 +6483,10 @@ pub struct ClusterPolicyStatusAutogenRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index a2ad42672..dad1ef5f5 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs @@ -35,9 +35,7 @@ pub struct PolicySpec { /// uses variables that are only available in the admission review request (e.g. user name). #[serde(default, skip_serializing_if = "Option::is_none")] pub background: Option, - /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. - /// Rules within the same policy share the same failure behavior. - /// Allowed values are Ignore or Fail. Defaults to Fail. + /// Deprecated, use failurePolicy under the webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] pub failure_policy: Option, /// Deprecated, use generateExisting under the generate rule instead @@ -46,8 +44,7 @@ pub struct PolicySpec { /// Deprecated, use generateExisting instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "generateExistingOnPolicyUpdate")] pub generate_existing_on_policy_update: Option, - /// MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events. - /// Default value is "false". + /// Deprecated, use mutateExistingOnPolicyUpdate under the mutate rule instead #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] pub mutate_existing_on_policy_update: Option, /// Rules is a list of Rule instances. A Policy contains multiple rules and @@ -73,12 +70,9 @@ pub struct PolicySpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "validationFailureActionOverrides")] pub validation_failure_action_overrides: Option>, /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. - /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookConfiguration")] pub webhook_configuration: Option, - /// WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. - /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, - /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + /// Deprecated, use webhookTimeoutSeconds under webhookConfiguration instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "webhookTimeoutSeconds")] pub webhook_timeout_seconds: Option, } @@ -1099,6 +1093,9 @@ pub struct PolicyRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -3549,12 +3546,30 @@ pub struct PolicyValidationFailureActionOverridesNamespaceSelectorMatchExpressio } /// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. -/// Requires Kubernetes 1.27 or later. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PolicyWebhookConfiguration { + /// FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. + /// Rules within the same policy share the same failure behavior. + /// This field should not be accessed directly, instead `GetFailurePolicy()` should be used. + /// Allowed values are Ignore or Fail. Defaults to Fail. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "failurePolicy")] + pub failure_policy: Option, /// MatchCondition configures admission webhook matchConditions. + /// Requires Kubernetes 1.27 or later. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchConditions")] pub match_conditions: Option>, + /// TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. + /// After the configured time expires, the admission request may fail, or may simply ignore the policy results, + /// based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] + pub timeout_seconds: Option, +} + +/// WebhookConfiguration specifies the custom configuration for Kubernetes admission webhookconfiguration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PolicyWebhookConfigurationFailurePolicy { + Ignore, + Fail, } /// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. @@ -4914,6 +4929,9 @@ pub struct PolicyStatusAutogenRulesMutate { /// ForEach applies mutation rules to a list of sub-elements by creating a context for each entry in the list and looping over it to apply the specified logic. #[serde(default, skip_serializing_if = "Option::is_none")] pub foreach: Option>, + /// MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutateExistingOnPolicyUpdate")] + pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. @@ -6466,6 +6484,10 @@ pub struct PolicyStatusAutogenRulesVerifyImages { /// Attestors specified the required attestors (i.e. authorities) #[serde(default, skip_serializing_if = "Option::is_none")] pub attestors: Option>, + /// CosignOCI11 enables the experimental OCI 1.1 behaviour in cosign image verification. + /// Defaults to false. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cosignOCI11")] + pub cosign_oci11: Option, /// Deprecated. Use ImageReferences instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs index ea91fbacb..6bf25291f 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs @@ -1038,6 +1038,8 @@ pub struct ClusterFlowMatchExclude { #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, } @@ -1050,6 +1052,8 @@ pub struct ClusterFlowMatchSelect { #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, } diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs index 48b1dfb01..30e8fe795 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs @@ -1039,6 +1039,8 @@ pub struct FlowMatchExclude { pub hosts: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs index d930f01a4..389f27db9 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs @@ -1038,6 +1038,8 @@ pub struct ClusterFlowMatchExclude { #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, } @@ -1050,6 +1052,8 @@ pub struct ClusterFlowMatchSelect { #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option>, } diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs index 4cd128d9e..fd13aaf20 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs @@ -1039,6 +1039,8 @@ pub struct FlowMatchExclude { pub hosts: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace_labels: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs index dc7e77aec..51b0e305a 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs @@ -132,6 +132,10 @@ pub struct PrometheusSpec { pub base_image: Option, /// BodySizeLimit defines per-scrape on response body size. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] pub body_size_limit: Option, /// ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus @@ -207,6 +211,13 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.28.0. + /// + /// + /// When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. + /// * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. + /// * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedBodySizeLimit")] pub enforced_body_size_limit: Option, /// When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets @@ -217,6 +228,13 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.47.0. + /// + /// + /// When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. + /// * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. + /// * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedKeepDroppedTargets")] pub enforced_keep_dropped_targets: Option, /// When defined, enforcedLabelLimit specifies a global limit on the number @@ -226,6 +244,13 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. + /// * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. + /// * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelLimit")] pub enforced_label_limit: Option, /// When defined, enforcedLabelNameLengthLimit specifies a global limit on the length @@ -235,6 +260,13 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. + /// * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. + /// * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelNameLengthLimit")] pub enforced_label_name_length_limit: Option, /// When not null, enforcedLabelValueLengthLimit defines a global limit on the length @@ -244,6 +276,13 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. + /// * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. + /// * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelValueLengthLimit")] pub enforced_label_value_length_limit: Option, /// When not empty, a label will be added to: @@ -272,6 +311,13 @@ pub struct PrometheusSpec { /// /// It is meant to be used by admins to keep the overall number of /// samples/series under a desired limit. + /// + /// + /// When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. + /// * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. + /// * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedSampleLimit")] pub enforced_sample_limit: Option, /// When defined, enforcedTargetLimit specifies a global limit on the number @@ -282,6 +328,13 @@ pub struct PrometheusSpec { /// /// It is meant to be used by admins to to keep the overall number of /// targets under a desired limit. + /// + /// + /// When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. + /// * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. + /// * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedTargetLimit")] pub enforced_target_limit: Option, /// Interval between rule evaluations. @@ -377,18 +430,34 @@ pub struct PrometheusSpec { /// /// /// It requires Prometheus >= v2.47.0. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, /// Per-scrape limit on number of labels that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] pub label_limit: Option, /// Per-scrape limit on length of labels name that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] pub label_name_length_limit: Option, /// Per-scrape limit on length of labels value that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] pub label_value_length_limit: Option, /// When true, the Prometheus server listens on the loopback address @@ -595,6 +664,10 @@ pub struct PrometheusSpec { pub rules: Option, /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleLimit")] pub sample_limit: Option, /// List of scrape classes to expose to scraping objects such as @@ -711,6 +784,10 @@ pub struct PrometheusSpec { pub tag: Option, /// TargetLimit defines a limit on the number of scraped targets that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLimit")] pub target_limit: Option, /// Defines the configuration of the optional Thanos sidecar. @@ -5349,6 +5426,14 @@ pub struct PrometheusRemoteRead { /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, /// OAuth2 configuration for the URL. /// /// @@ -5358,7 +5443,24 @@ pub struct PrometheusRemoteRead { /// Cannot be set at the same time as `authorization`, or `basicAuth`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, - /// Optional ProxyURL. + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + /// + /// + /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, /// Whether reads should be made for queries for time ranges that @@ -5579,6 +5681,25 @@ pub struct PrometheusRemoteReadOauth2ClientSecret { pub optional: Option, } +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusRemoteReadProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// TLS Config to use for the URL. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteReadTlsConfig { @@ -5769,6 +5890,12 @@ pub struct PrometheusRemoteWrite { /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + /// + /// + /// It requires Prometheus >= v2.26.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, /// Custom HTTP headers to be sent along with each remote write request. /// Be aware that headers that are set by Prometheus itself can't be overwritten. /// @@ -5786,6 +5913,14 @@ pub struct PrometheusRemoteWrite { /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, /// OAuth2 configuration for the URL. /// /// @@ -5795,7 +5930,24 @@ pub struct PrometheusRemoteWrite { /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, - /// Optional ProxyURL. + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + /// + /// + /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, /// QueueConfig allows tuning of the remote write queue parameters. @@ -6155,6 +6307,25 @@ pub struct PrometheusRemoteWriteOauth2ClientSecret { pub optional: Option, } +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusRemoteWriteProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// QueueConfig allows tuning of the remote write queue parameters. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusRemoteWriteQueueConfig { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs index 650d947ca..c78ced9b8 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs @@ -2333,6 +2333,9 @@ pub struct AlertmanagerConfigReceiversPushoverConfigs { /// It requires Alertmanager >= v0.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenFile")] pub token_file: Option, + /// The time to live definition for the alert notification + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, /// A supplementary URL shown alongside the message. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs index f5f37db40..2efbf5aa7 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs @@ -81,6 +81,10 @@ pub struct PrometheusAgentSpec { pub automount_service_account_token: Option, /// BodySizeLimit defines per-scrape on response body size. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodySizeLimit")] pub body_size_limit: Option, /// ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus @@ -140,6 +144,13 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.28.0. + /// + /// + /// When both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`. + /// * Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value. + /// * Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedBodySizeLimit")] pub enforced_body_size_limit: Option, /// When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets @@ -150,6 +161,13 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.47.0. + /// + /// + /// When both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`. + /// * Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value. + /// * Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedKeepDroppedTargets")] pub enforced_keep_dropped_targets: Option, /// When defined, enforcedLabelLimit specifies a global limit on the number @@ -159,6 +177,13 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`. + /// * Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value. + /// * Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelLimit")] pub enforced_label_limit: Option, /// When defined, enforcedLabelNameLengthLimit specifies a global limit on the length @@ -168,6 +193,13 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`. + /// * Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value. + /// * Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelNameLengthLimit")] pub enforced_label_name_length_limit: Option, /// When not null, enforcedLabelValueLengthLimit defines a global limit on the length @@ -177,6 +209,13 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.27.0. + /// + /// + /// When both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`. + /// * Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value. + /// * Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedLabelValueLengthLimit")] pub enforced_label_value_length_limit: Option, /// When not empty, a label will be added to: @@ -205,6 +244,13 @@ pub struct PrometheusAgentSpec { /// /// It is meant to be used by admins to keep the overall number of /// samples/series under a desired limit. + /// + /// + /// When both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`. + /// * Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value. + /// * Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedSampleLimit")] pub enforced_sample_limit: Option, /// When defined, enforcedTargetLimit specifies a global limit on the number @@ -215,6 +261,13 @@ pub struct PrometheusAgentSpec { /// /// It is meant to be used by admins to to keep the overall number of /// targets under a desired limit. + /// + /// + /// When both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply: + /// * Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0). + /// If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`. + /// * Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value. + /// * Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enforcedTargetLimit")] pub enforced_target_limit: Option, /// List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects @@ -302,18 +355,34 @@ pub struct PrometheusAgentSpec { /// /// /// It requires Prometheus >= v2.47.0. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "keepDroppedTargets")] pub keep_dropped_targets: Option, /// Per-scrape limit on number of labels that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelLimit")] pub label_limit: Option, /// Per-scrape limit on length of labels name that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelNameLengthLimit")] pub label_name_length_limit: Option, /// Per-scrape limit on length of labels value that will be accepted for a sample. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelValueLengthLimit")] pub label_value_length_limit: Option, /// When true, the Prometheus server listens on the loopback address @@ -479,6 +548,10 @@ pub struct PrometheusAgentSpec { pub route_prefix: Option, /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sampleLimit")] pub sample_limit: Option, /// List of scrape classes to expose to scraping objects such as @@ -589,6 +662,10 @@ pub struct PrometheusAgentSpec { pub storage: Option, /// TargetLimit defines a limit on the number of scraped targets that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. + /// + /// + /// Note that the global limit only applies to scrape objects that don't specify an explicit limit value. + /// If you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetLimit")] pub target_limit: Option, /// Defines the Pods' tolerations if specified. @@ -4512,6 +4589,12 @@ pub struct PrometheusAgentRemoteWrite { /// Whether to enable HTTP2. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// Configure whether HTTP requests follow HTTP 3xx redirects. + /// + /// + /// It requires Prometheus >= v2.26.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] + pub follow_redirects: Option, /// Custom HTTP headers to be sent along with each remote write request. /// Be aware that headers that are set by Prometheus itself can't be overwritten. /// @@ -4529,6 +4612,14 @@ pub struct PrometheusAgentRemoteWrite { /// It requires Prometheus >= v2.15.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, + /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + /// that should be excluded from proxying. IP and domain names can + /// contain port numbers. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] + pub no_proxy: Option, /// OAuth2 configuration for the URL. /// /// @@ -4538,7 +4629,24 @@ pub struct PrometheusAgentRemoteWrite { /// Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, - /// Optional ProxyURL. + /// ProxyConnectHeader optionally specifies headers to send to + /// proxies during CONNECT requests. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyConnectHeader")] + pub proxy_connect_header: Option>, + /// Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + /// If unset, Prometheus uses its default value. + /// + /// + /// It requires Prometheus >= v2.43.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] + pub proxy_from_environment: Option, + /// `proxyURL` defines the HTTP proxy server to use. + /// + /// + /// It requires Prometheus >= v2.43.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] pub proxy_url: Option, /// QueueConfig allows tuning of the remote write queue parameters. @@ -4898,6 +5006,25 @@ pub struct PrometheusAgentRemoteWriteOauth2ClientSecret { pub optional: Option, } +/// SecretKeySelector selects a key of a Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusAgentRemoteWriteProxyConnectHeader { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// QueueConfig allows tuning of the remote write queue parameters. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentRemoteWriteQueueConfig { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs index 05075fae6..415400fd0 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs @@ -2196,6 +2196,9 @@ pub struct AlertmanagerConfigReceiversPushoverConfigs { /// It requires Alertmanager >= v0.26.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenFile")] pub token_file: Option, + /// The time to live definition for the alert notification + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, /// A supplementary URL shown alongside the message. #[serde(default, skip_serializing_if = "Option::is_none")] pub url: Option, diff --git a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs index e0528841a..d1dea8331 100644 --- a/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs +++ b/kube-custom-resources-rs/src/operator_cryostat_io/v1beta2/cryostats.rs @@ -69,7 +69,7 @@ pub struct CryostatSpec { /// permitted to access and profile. Defaults to this Cryostat's namespace. /// Warning: All Cryostat users will be able to create and manage /// recordings for workloads in the listed namespaces. - /// More details: https://github.com/cryostatio/cryostat-operator/blob/v2.4.0/docs/multi-namespace.md#data-isolation + /// More details: https://github.com/cryostatio/cryostat-operator/blob/v3.0.0/docs/config.md#data-isolation #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetNamespaces")] pub target_namespaces: Option>, /// List of TLS certificates to trust when connecting to targets. diff --git a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs index d60b70f7a..11f089ff7 100644 --- a/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs +++ b/kube-custom-resources-rs/src/pgv2_percona_com/v2/perconapgclusters.rs @@ -6403,8 +6403,7 @@ pub struct PerconaPGClusterExtensions { pub builtin: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub custom: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub image: Option, + pub image: String, /// PullPolicy describes a policy for if/when to pull a container image #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgadmins.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgadmins.rs index ee806e752..0e911fde3 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgadmins.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgadmins.rs @@ -198,9 +198,15 @@ pub struct PGAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -212,7 +218,7 @@ pub struct PGAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -261,9 +267,15 @@ pub struct PGAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -275,7 +287,7 @@ pub struct PGAdminAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -345,9 +357,15 @@ pub struct PGAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -359,7 +377,7 @@ pub struct PGAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -408,9 +426,15 @@ pub struct PGAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -422,7 +446,7 @@ pub struct PGAdminAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -504,6 +528,12 @@ pub struct PGAdminConfigConfigDatabaseUri { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminConfigFiles { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -518,6 +548,51 @@ pub struct PGAdminConfigFiles { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PGAdminConfigFilesClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PGAdminConfigFilesClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PGAdminConfigFilesClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminConfigFilesConfigMap { @@ -555,7 +630,7 @@ pub struct PGAdminConfigFilesDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminConfigFilesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -568,7 +643,7 @@ pub struct PGAdminConfigFilesDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminConfigFilesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -650,10 +725,10 @@ pub struct PGAdminDataVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -665,6 +740,9 @@ pub struct PGAdminDataVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -673,7 +751,7 @@ pub struct PGAdminDataVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminDataVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -685,7 +763,7 @@ pub struct PGAdminDataVolumeClaimSpecDataSource { pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminDataVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -695,6 +773,9 @@ pub struct PGAdminDataVolumeClaimSpecDataSourceRef { pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -703,7 +784,7 @@ pub struct PGAdminDataVolumeClaimSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -759,14 +840,26 @@ pub struct PGAdminMetadata { /// Resource requirements for the PGAdmin container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PGAdminResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGAdminServerGroups { /// The name for the ServerGroup in pgAdmin. Must be unique in the pgAdmin's ServerGroups since it becomes the ServerGroup name in pgAdmin. diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgupgrades.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgupgrades.rs index 15e5b37c1..28bc7921b 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgupgrades.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/pgupgrades.rs @@ -195,9 +195,15 @@ pub struct PGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExe /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -209,7 +215,7 @@ pub struct PGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExe pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -258,9 +264,15 @@ pub struct PGUpgradeAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExe /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -272,7 +284,7 @@ pub struct PGUpgradeAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExec pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -342,9 +354,15 @@ pub struct PGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDurin /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -356,7 +374,7 @@ pub struct PGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDurin pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -405,9 +423,15 @@ pub struct PGUpgradeAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDurin /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -419,7 +443,7 @@ pub struct PGUpgradeAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuring pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -493,14 +517,26 @@ pub struct PGUpgradeMetadata { /// Resource requirements for the PGUpgrade container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PGUpgradeResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PGUpgradeTolerations { diff --git a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs index f6ed7f7b0..f8c5b6c5d 100644 --- a/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs +++ b/kube-custom-resources-rs/src/postgres_operator_crunchydata_com/v1beta1/postgresclusters.rs @@ -144,6 +144,12 @@ pub struct PostgresClusterBackupsPgbackrest { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestConfiguration { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -158,6 +164,51 @@ pub struct PostgresClusterBackupsPgbackrestConfiguration { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestConfigurationClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestConfigurationClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestConfigurationClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestConfigurationConfigMap { @@ -195,7 +246,7 @@ pub struct PostgresClusterBackupsPgbackrestConfigurationDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestConfigurationDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -208,7 +259,7 @@ pub struct PostgresClusterBackupsPgbackrestConfigurationDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestConfigurationDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -427,9 +478,15 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDurin /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -441,7 +498,7 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDurin pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -490,9 +547,15 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityPreferredDurin /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -504,7 +567,7 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityRequiredDuring pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -574,9 +637,15 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferredD /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -588,7 +657,7 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferredD pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -637,9 +706,15 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityPreferredD /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -651,7 +726,7 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -700,14 +775,26 @@ pub struct PostgresClusterBackupsPgbackrestJobsAffinityPodAntiAffinityRequiredDu /// Resource limits for backup jobs. Includes manual, scheduled and replica create backups #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestJobsResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestJobsTolerations { @@ -910,9 +997,15 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferredD /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -924,7 +1017,7 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferredD pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -973,9 +1066,15 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityPreferredD /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -987,7 +1086,7 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityRequiredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1057,9 +1156,15 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPrefer /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1071,7 +1176,7 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPrefer pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1120,9 +1225,15 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityPrefer /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1134,7 +1245,7 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequir pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1183,14 +1294,26 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostAffinityPodAntiAffinityRequir /// Resource requirements for a pgBackRest repository host #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestRepoHostResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// ConfigMap containing custom SSH configuration. Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRepoHostSshConfigMap { @@ -1269,15 +1392,26 @@ pub struct PostgresClusterBackupsPgbackrestRepoHostTopologySpreadConstraints { /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. @@ -1383,10 +1517,10 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(rename = "accessModes")] pub access_modes: Vec, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -1397,6 +1531,9 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -1405,7 +1542,7 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -1417,7 +1554,7 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpecDataSource pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -1427,6 +1564,9 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpecDataSourceR pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -1435,7 +1575,7 @@ pub struct PostgresClusterBackupsPgbackrestReposVolumeVolumeClaimSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ pub requests: BTreeMap, } @@ -1629,9 +1769,15 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredDu /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1643,7 +1789,7 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1692,9 +1838,15 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityPreferredDu /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1706,7 +1858,7 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityRequiredDur pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1776,9 +1928,15 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPreferr /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1790,7 +1948,7 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPreferr pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1839,9 +1997,15 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityPreferr /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -1853,7 +2017,7 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequire pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -1902,14 +2066,26 @@ pub struct PostgresClusterBackupsPgbackrestRestoreAffinityPodAntiAffinityRequire /// Resource requirements for the pgBackRest restore Job. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestRestoreResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestRestoreTolerations { @@ -1952,14 +2128,26 @@ pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrest { /// Resource requirements for a sidecar container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// Defines the configuration for the pgBackRest config sidecar container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestConfig { @@ -1971,14 +2159,26 @@ pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestConfig { /// Resource requirements for a sidecar container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestConfigResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterBackupsPgbackrestSidecarsPgbackrestConfigResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfig { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -1988,6 +2188,12 @@ pub struct PostgresClusterConfig { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfigFiles { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -2002,6 +2208,51 @@ pub struct PostgresClusterConfigFiles { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterConfigFilesClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterConfigFilesClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterConfigFilesClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfigFilesConfigMap { @@ -2039,7 +2290,7 @@ pub struct PostgresClusterConfigFilesDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfigFilesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2052,7 +2303,7 @@ pub struct PostgresClusterConfigFilesDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterConfigFilesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2347,9 +2598,15 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityPreferredDuring /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -2361,7 +2618,7 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityPreferredDuring pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2410,9 +2667,15 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityPreferredDuring /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -2424,7 +2687,7 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityRequiredDuringS pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2494,9 +2757,15 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredDu /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -2508,7 +2777,7 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2557,9 +2826,15 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityPreferredDu /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -2571,7 +2846,7 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDur pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2620,6 +2895,12 @@ pub struct PostgresClusterDataSourcePgbackrestAffinityPodAntiAffinityRequiredDur /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestConfiguration { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -2634,6 +2915,51 @@ pub struct PostgresClusterDataSourcePgbackrestConfiguration { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterDataSourcePgbackrestConfigurationClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterDataSourcePgbackrestConfigurationClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterDataSourcePgbackrestConfigurationClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestConfigurationConfigMap { @@ -2671,7 +2997,7 @@ pub struct PostgresClusterDataSourcePgbackrestConfigurationDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestConfigurationDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -2684,7 +3010,7 @@ pub struct PostgresClusterDataSourcePgbackrestConfigurationDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestConfigurationDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -2822,10 +3148,10 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -2837,6 +3163,9 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -2845,7 +3174,7 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2857,7 +3186,7 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecDataSourc pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2867,6 +3196,9 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecDataSourc pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -2875,7 +3207,7 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecResources /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -2906,14 +3238,26 @@ pub struct PostgresClusterDataSourcePgbackrestRepoVolumeVolumeClaimSpecSelectorM /// Resource requirements for the pgBackRest restore Job. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterDataSourcePgbackrestResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePgbackrestTolerations { @@ -3099,9 +3443,15 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityPreferredD /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3113,7 +3463,7 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityPreferredD pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3162,9 +3512,15 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityPreferredD /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3176,7 +3532,7 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityRequiredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3246,9 +3602,15 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityPrefer /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3260,7 +3622,7 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityPrefer pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3309,9 +3671,15 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityPrefer /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3323,7 +3691,7 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequir pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3372,14 +3740,26 @@ pub struct PostgresClusterDataSourcePostgresClusterAffinityPodAntiAffinityRequir /// Resource requirements for the pgBackRest restore Job. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterDataSourcePostgresClusterResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterDataSourcePostgresClusterTolerations { @@ -3654,9 +4034,15 @@ pub struct PostgresClusterInstancesAffinityPodAffinityPreferredDuringSchedulingI /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3668,7 +4054,7 @@ pub struct PostgresClusterInstancesAffinityPodAffinityPreferredDuringSchedulingI pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3717,9 +4103,15 @@ pub struct PostgresClusterInstancesAffinityPodAffinityPreferredDuringSchedulingI /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3731,7 +4123,7 @@ pub struct PostgresClusterInstancesAffinityPodAffinityRequiredDuringSchedulingIg pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3801,9 +4193,15 @@ pub struct PostgresClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedul /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3815,7 +4213,7 @@ pub struct PostgresClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedul pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3864,9 +4262,15 @@ pub struct PostgresClusterInstancesAffinityPodAntiAffinityPreferredDuringSchedul /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -3878,7 +4282,7 @@ pub struct PostgresClusterInstancesAffinityPodAntiAffinityRequiredDuringScheduli pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3953,15 +4357,21 @@ pub struct PostgresClusterInstancesContainers { pub liveness_probe: Option, /// Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. pub name: String, - /// List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + /// List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, /// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, @@ -4130,6 +4540,9 @@ pub struct PostgresClusterInstancesContainersLifecyclePostStart { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, + /// Sleep represents the duration that the container should sleep before being terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, @@ -4165,12 +4578,19 @@ pub struct PostgresClusterInstancesContainersLifecyclePostStartHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLifecyclePostStartHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } +/// Sleep represents the duration that the container should sleep before being terminated. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesContainersLifecyclePostStartSleep { + /// Seconds is the number of seconds to sleep. + pub seconds: i64, +} + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLifecyclePostStartTcpSocket { @@ -4190,6 +4610,9 @@ pub struct PostgresClusterInstancesContainersLifecyclePreStop { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, + /// Sleep represents the duration that the container should sleep before being terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, @@ -4225,12 +4648,19 @@ pub struct PostgresClusterInstancesContainersLifecyclePreStopHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLifecyclePreStopHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } +/// Sleep represents the duration that the container should sleep before being terminated. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesContainersLifecyclePreStopSleep { + /// Seconds is the number of seconds to sleep. + pub seconds: i64, +} + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLifecyclePreStopTcpSocket { @@ -4250,7 +4680,7 @@ pub struct PostgresClusterInstancesContainersLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -4284,7 +4714,7 @@ pub struct PostgresClusterInstancesContainersLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4317,7 +4747,7 @@ pub struct PostgresClusterInstancesContainersLivenessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersLivenessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -4362,7 +4792,7 @@ pub struct PostgresClusterInstancesContainersReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -4396,7 +4826,7 @@ pub struct PostgresClusterInstancesContainersReadinessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4429,7 +4859,7 @@ pub struct PostgresClusterInstancesContainersReadinessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersReadinessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -4445,23 +4875,49 @@ pub struct PostgresClusterInstancesContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesContainersResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersSecurityContext { /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + /// appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, @@ -4494,6 +4950,17 @@ pub struct PostgresClusterInstancesContainersSecurityContext { pub windows_options: Option, } +/// appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesContainersSecurityContextAppArmorProfile { + /// localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + #[serde(rename = "type")] + pub r#type: String, +} + /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersSecurityContextCapabilities { @@ -4525,7 +4992,7 @@ pub struct PostgresClusterInstancesContainersSecurityContextSeLinuxOptions { /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -4542,7 +5009,7 @@ pub struct PostgresClusterInstancesContainersSecurityContextWindowsOptions { /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -4559,7 +5026,7 @@ pub struct PostgresClusterInstancesContainersStartupProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -4593,7 +5060,7 @@ pub struct PostgresClusterInstancesContainersStartupProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -4626,7 +5093,7 @@ pub struct PostgresClusterInstancesContainersStartupProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesContainersStartupProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -4658,7 +5125,7 @@ pub struct PostgresClusterInstancesContainersVolumeMounts { /// Path within the container at which the volume should be mounted. Must not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. @@ -4666,6 +5133,13 @@ pub struct PostgresClusterInstancesContainersVolumeMounts { /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + /// RecursiveReadOnly specifies whether read-only mounts should be handled recursively. + /// If ReadOnly is false, this field has no meaning and must be unspecified. + /// If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. + /// If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). + /// If this field is not specified, it is treated as an equivalent of Disabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, @@ -4680,10 +5154,10 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(rename = "accessModes")] pub access_modes: Vec, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4694,6 +5168,9 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -4702,7 +5179,7 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesDataVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4714,7 +5191,7 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpecDataSource { pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesDataVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4724,6 +5201,9 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpecDataSourceRef { pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4732,7 +5212,7 @@ pub struct PostgresClusterInstancesDataVolumeClaimSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ pub requests: BTreeMap, } @@ -4771,14 +5251,26 @@ pub struct PostgresClusterInstancesMetadata { /// Compute resources of a PostgreSQL container. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// Configuration for instance sidecar containers #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesSidecars { @@ -4798,14 +5290,26 @@ pub struct PostgresClusterInstancesSidecarsReplicaCertCopy { /// Resource requirements for a sidecar container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesSidecarsReplicaCertCopyResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterInstancesSidecarsReplicaCertCopyResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesTablespaceVolumes { /// Defines a PersistentVolumeClaim for a tablespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes @@ -4821,10 +5325,10 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4836,6 +5340,9 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -4844,7 +5351,7 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4856,7 +5363,7 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpecDataSourc pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -4866,6 +5373,9 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpecDataSourc pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4874,7 +5384,7 @@ pub struct PostgresClusterInstancesTablespaceVolumesDataVolumeClaimSpecResources /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -4928,15 +5438,26 @@ pub struct PostgresClusterInstancesTopologySpreadConstraints { /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. @@ -4973,10 +5494,10 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(rename = "accessModes")] pub access_modes: Vec, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4987,6 +5508,9 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -4995,7 +5519,7 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesWalVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -5007,7 +5531,7 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpecDataSource { pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterInstancesWalVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -5017,6 +5541,9 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpecDataSourceRef { pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -5025,7 +5552,7 @@ pub struct PostgresClusterInstancesWalVolumeClaimSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ pub requests: BTreeMap, } @@ -5095,6 +5622,12 @@ pub struct PostgresClusterMonitoringPgmonitorExporter { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterMonitoringPgmonitorExporterConfiguration { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -5109,6 +5642,51 @@ pub struct PostgresClusterMonitoringPgmonitorExporterConfiguration { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationConfigMap { @@ -5146,7 +5724,7 @@ pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -5159,7 +5737,7 @@ pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationDownwardApiIte pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterMonitoringPgmonitorExporterConfigurationDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -5251,14 +5829,26 @@ pub struct PostgresClusterMonitoringPgmonitorExporterCustomTlsSecretItems { /// Changing this value causes PostgreSQL and the exporter to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterMonitoringPgmonitorExporterResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterMonitoringPgmonitorExporterResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterPatroni { /// Patroni dynamic configuration settings. Changes to this value will be automatically reloaded without validation. Changes to certain PostgreSQL parameters cause PostgreSQL to restart. More info: https://patroni.readthedocs.io/en/latest/dynamic_configuration.html @@ -5492,9 +6082,15 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSchedu /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -5506,7 +6102,7 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSchedu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5555,9 +6151,15 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityPreferredDuringSchedu /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -5569,7 +6171,7 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityRequiredDuringSchedul pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5639,9 +6241,15 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringSc /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -5653,7 +6261,7 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringSc pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5702,9 +6310,15 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityPreferredDuringSc /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -5716,7 +6330,7 @@ pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityRequiredDuringSch pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -5782,6 +6396,12 @@ pub struct PostgresClusterProxyPgBouncerConfig { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerConfigFiles { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -5796,6 +6416,51 @@ pub struct PostgresClusterProxyPgBouncerConfigFiles { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerConfigFilesClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerConfigFilesClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerConfigFilesClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerConfigFilesConfigMap { @@ -5833,7 +6498,7 @@ pub struct PostgresClusterProxyPgBouncerConfigFilesDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerConfigFilesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -5846,7 +6511,7 @@ pub struct PostgresClusterProxyPgBouncerConfigFilesDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerConfigFilesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -5938,15 +6603,21 @@ pub struct PostgresClusterProxyPgBouncerContainers { pub liveness_probe: Option, /// Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. pub name: String, - /// List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + /// List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, /// Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessProbe")] pub readiness_probe: Option, + /// Resources resize policy for the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resizePolicy")] + pub resize_policy: Option>, /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "restartPolicy")] + pub restart_policy: Option, /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, @@ -6115,6 +6786,9 @@ pub struct PostgresClusterProxyPgBouncerContainersLifecyclePostStart { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, + /// Sleep represents the duration that the container should sleep before being terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, @@ -6150,12 +6824,19 @@ pub struct PostgresClusterProxyPgBouncerContainersLifecyclePostStartHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLifecyclePostStartHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } +/// Sleep represents the duration that the container should sleep before being terminated. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerContainersLifecyclePostStartSleep { + /// Seconds is the number of seconds to sleep. + pub seconds: i64, +} + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLifecyclePostStartTcpSocket { @@ -6175,6 +6856,9 @@ pub struct PostgresClusterProxyPgBouncerContainersLifecyclePreStop { /// HTTPGet specifies the http request to perform. #[serde(default, skip_serializing_if = "Option::is_none", rename = "httpGet")] pub http_get: Option, + /// Sleep represents the duration that the container should sleep before being terminated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sleep: Option, /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpSocket")] pub tcp_socket: Option, @@ -6210,12 +6894,19 @@ pub struct PostgresClusterProxyPgBouncerContainersLifecyclePreStopHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLifecyclePreStopHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, } +/// Sleep represents the duration that the container should sleep before being terminated. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerContainersLifecyclePreStopSleep { + /// Seconds is the number of seconds to sleep. + pub seconds: i64, +} + /// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLifecyclePreStopTcpSocket { @@ -6235,7 +6926,7 @@ pub struct PostgresClusterProxyPgBouncerContainersLivenessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -6269,7 +6960,7 @@ pub struct PostgresClusterProxyPgBouncerContainersLivenessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLivenessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -6302,7 +6993,7 @@ pub struct PostgresClusterProxyPgBouncerContainersLivenessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersLivenessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -6347,7 +7038,7 @@ pub struct PostgresClusterProxyPgBouncerContainersReadinessProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -6381,7 +7072,7 @@ pub struct PostgresClusterProxyPgBouncerContainersReadinessProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersReadinessProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -6414,7 +7105,7 @@ pub struct PostgresClusterProxyPgBouncerContainersReadinessProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersReadinessProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -6430,23 +7121,49 @@ pub struct PostgresClusterProxyPgBouncerContainersReadinessProbeTcpSocket { pub port: IntOrString, } +/// ContainerResizePolicy represents resource resize policy for the container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerContainersResizePolicy { + /// Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. + #[serde(rename = "resourceName")] + pub resource_name: String, + /// Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + #[serde(rename = "restartPolicy")] + pub restart_policy: String, +} + /// Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerContainersResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersSecurityContext { /// AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowPrivilegeEscalation")] pub allow_privilege_escalation: Option, + /// appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "appArmorProfile")] + pub app_armor_profile: Option, /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none")] pub capabilities: Option, @@ -6479,6 +7196,17 @@ pub struct PostgresClusterProxyPgBouncerContainersSecurityContext { pub windows_options: Option, } +/// appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerContainersSecurityContextAppArmorProfile { + /// localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + #[serde(rename = "type")] + pub r#type: String, +} + /// The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersSecurityContextCapabilities { @@ -6510,7 +7238,7 @@ pub struct PostgresClusterProxyPgBouncerContainersSecurityContextSeLinuxOptions /// The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersSecurityContextSeccompProfile { - /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + /// localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] pub localhost_profile: Option, /// type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -6527,7 +7255,7 @@ pub struct PostgresClusterProxyPgBouncerContainersSecurityContextWindowsOptions /// GMSACredentialSpecName is the name of the GMSA credential spec to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] pub gmsa_credential_spec_name: Option, - /// HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. + /// HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] pub host_process: Option, /// The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -6544,7 +7272,7 @@ pub struct PostgresClusterProxyPgBouncerContainersStartupProbe { /// Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, - /// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + /// GRPC specifies an action involving a GRPC port. #[serde(default, skip_serializing_if = "Option::is_none")] pub grpc: Option, /// HTTPGet specifies the http request to perform. @@ -6578,7 +7306,7 @@ pub struct PostgresClusterProxyPgBouncerContainersStartupProbeExec { pub command: Option>, } -/// GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. +/// GRPC specifies an action involving a GRPC port. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersStartupProbeGrpc { /// Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -6611,7 +7339,7 @@ pub struct PostgresClusterProxyPgBouncerContainersStartupProbeHttpGet { /// HTTPHeader describes a custom header to be used in HTTP probes #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerContainersStartupProbeHttpGetHttpHeaders { - /// The header field name + /// The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. pub name: String, /// The header field value pub value: String, @@ -6643,7 +7371,7 @@ pub struct PostgresClusterProxyPgBouncerContainersVolumeMounts { /// Path within the container at which the volume should be mounted. Must not contain ':'. #[serde(rename = "mountPath")] pub mount_path: String, - /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + /// mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountPropagation")] pub mount_propagation: Option, /// This must match the Name of a Volume. @@ -6651,6 +7379,13 @@ pub struct PostgresClusterProxyPgBouncerContainersVolumeMounts { /// Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnly")] pub read_only: Option, + /// RecursiveReadOnly specifies whether read-only mounts should be handled recursively. + /// If ReadOnly is false, this field has no meaning and must be unspecified. + /// If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. + /// If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). + /// If this field is not specified, it is treated as an equivalent of Disabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] + pub recursive_read_only: Option, /// Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). #[serde(default, skip_serializing_if = "Option::is_none", rename = "subPath")] pub sub_path: Option, @@ -6697,14 +7432,26 @@ pub struct PostgresClusterProxyPgBouncerMetadata { /// Compute resources of a PgBouncer container. Changing this value causes PgBouncer to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// Specification of the service that exposes PgBouncer. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerService { @@ -6776,14 +7523,26 @@ pub struct PostgresClusterProxyPgBouncerSidecarsPgbouncerConfig { /// Resource requirements for a sidecar container #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerSidecarsPgbouncerConfigResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterProxyPgBouncerSidecarsPgbouncerConfigResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterProxyPgBouncerTolerations { @@ -6810,15 +7569,26 @@ pub struct PostgresClusterProxyPgBouncerTopologySpreadConstraints { /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. @@ -7152,9 +7922,15 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityPreferredDuring /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -7166,7 +7942,7 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityPreferredDuring pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -7215,9 +7991,15 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityPreferredDuring /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -7229,7 +8011,7 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityRequiredDuringS pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -7299,9 +8081,15 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityPreferredDu /// Required. A pod affinity term, associated with the corresponding weight. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -7313,7 +8101,7 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityPreferredDu pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -7362,9 +8150,15 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityPreferredDu /// Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { - /// A label query over a set of resources, in this case pods. + /// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, @@ -7376,7 +8170,7 @@ pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityRequiredDur pub topology_key: String, } -/// A label query over a set of resources, in this case pods. +/// A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -7439,6 +8233,12 @@ pub struct PostgresClusterUserInterfacePgAdminConfig { /// Projection that may be projected along with other supported volume types #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminConfigFiles { + /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + /// Alpha, gated by the ClusterTrustBundleProjection feature gate. + /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterTrustBundle")] + pub cluster_trust_bundle: Option, /// configMap information about the configMap data to project #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMap")] pub config_map: Option, @@ -7453,6 +8253,51 @@ pub struct PostgresClusterUserInterfacePgAdminConfigFiles { pub service_account_token: Option, } +/// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. +/// Alpha, gated by the ClusterTrustBundleProjection feature gate. +/// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. +/// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterUserInterfacePgAdminConfigFilesClusterTrustBundle { + /// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, + /// Relative path from the volume root to write the bundle. + pub path: String, + /// Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "signerName")] + pub signer_name: Option, +} + +/// Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterUserInterfacePgAdminConfigFilesClusterTrustBundleLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterUserInterfacePgAdminConfigFilesClusterTrustBundleLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// configMap information about the configMap data to project #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminConfigFilesConfigMap { @@ -7490,7 +8335,7 @@ pub struct PostgresClusterUserInterfacePgAdminConfigFilesDownwardApi { /// DownwardAPIVolumeFile represents information to create the file containing the pod field #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminConfigFilesDownwardApiItems { - /// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + /// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] pub field_ref: Option, /// Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. @@ -7503,7 +8348,7 @@ pub struct PostgresClusterUserInterfacePgAdminConfigFilesDownwardApiItems { pub resource_field_ref: Option, } -/// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +/// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminConfigFilesDownwardApiItemsFieldRef { /// Version of the schema the FieldPath is written in terms of, defaults to "v1". @@ -7585,10 +8430,10 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpec { /// accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessModes")] pub access_modes: Option>, - /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. + /// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSource")] pub data_source: Option, - /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + /// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataSourceRef")] pub data_source_ref: Option, /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7600,6 +8445,9 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpec { /// storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 #[serde(default, skip_serializing_if = "Option::is_none", rename = "storageClassName")] pub storage_class_name: Option, + /// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] + pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeMode")] pub volume_mode: Option, @@ -7608,7 +8456,7 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpec { pub volume_name: Option, } -/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. +/// dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpecDataSource { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -7620,7 +8468,7 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpecDataSource { pub name: String, } -/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +/// dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpecDataSourceRef { /// APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -7630,6 +8478,9 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpecDataSourceRef { pub kind: String, /// Name is the name of resource being referenced pub name: String, + /// Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7638,7 +8489,7 @@ pub struct PostgresClusterUserInterfacePgAdminDataVolumeClaimSpecResources { /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } @@ -7678,14 +8529,26 @@ pub struct PostgresClusterUserInterfacePgAdminMetadata { /// Compute resources of a pgAdmin container. Changing this value causes pgAdmin to restart. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + /// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, /// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub limits: Option>, - /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + /// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ #[serde(default, skip_serializing_if = "Option::is_none")] pub requests: Option>, } +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PostgresClusterUserInterfacePgAdminResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + pub name: String, +} + /// Specification of the service that exposes pgAdmin. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PostgresClusterUserInterfacePgAdminService { @@ -7764,15 +8627,26 @@ pub struct PostgresClusterUserInterfacePgAdminTopologySpreadConstraints { /// LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, /// MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. #[serde(rename = "maxSkew")] pub max_skew: i32, /// MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - /// This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate. + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] pub min_domains: Option, - /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + /// If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. #[serde(rename = "topologyKey")] pub topology_key: String, /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. diff --git a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs index d091b7f12..ee8ee6407 100644 --- a/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs +++ b/kube-custom-resources-rs/src/ps_percona_com/v1alpha1/perconaservermysqls.rs @@ -20,8 +20,6 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct PerconaServerMySQLSpec { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowUnsafeConfigurations")] - pub allow_unsafe_configurations: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub backup: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "crVersion")] @@ -52,6 +50,8 @@ pub struct PerconaServerMySQLSpec { pub tls: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub toolkit: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "unsafeFlags")] + pub unsafe_flags: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStrategy")] pub update_strategy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeOptions")] @@ -6582,6 +6582,20 @@ pub struct PerconaServerMySQLToolkitStartupProbeTcpSocket { pub port: IntOrString, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMySQLUnsafeFlags { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mysqlSize")] + pub mysql_size: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub orchestrator: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "orchestratorSize")] + pub orchestrator_size: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub proxy: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxySize")] + pub proxy_size: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMySQLUpgradeOptions { #[serde(default, skip_serializing_if = "Option::is_none")]