From 618eda3a18e2e75cd624b18dad25b00cc475ff3a Mon Sep 17 00:00:00 2001 From: sebhoss Date: Fri, 12 Apr 2024 10:09:38 +0000 Subject: [PATCH] Update upstream specifications to their latest version --- .../v1beta1/pgadmins.yaml | 2 +- .../v1beta1/pgupgrades.yaml | 2 +- .../v1beta1/postgresclusters.yaml | 4 +- .../v1beta2/scheduledsparkapplications.yaml | 6 +- .../v1beta2/sparkapplications.yaml | 6 +- .../kuadrant.io/v1alpha1/dnsrecords.yaml | 15 + .../kuadrant.io/v1beta2/authpolicies.yaml | 2675 +++++++- .../v1beta2/ratelimitpolicies.yaml | 222 + .../v1alpha1/limitadors.yaml | 3 + .../v1beta1/vmagents.yaml | 6 +- .../v1beta1/vmalertmanagers.yaml | 6 +- .../v1beta1/vmalerts.yaml | 6 +- .../v1beta1/vmauths.yaml | 6 +- .../v1beta1/vmclusters.yaml | 12 +- .../v1beta1/vmsingles.yaml | 3 + .../v1/aerospikeclusters.yaml | 3 + .../awx.ansible.com/v1beta1/awxs.yaml | 22 +- .../apps.kubeblocks.io/v1alpha1/clusters.yaml | 341 +- .../v1alpha1/opsrequests.yaml | 4286 +++++++++++- .../v1alpha1/replicatedstatemachines.yaml | 105 +- .../rc.app.stacks/v1/runtimecomponents.yaml | 129 +- .../v1beta2/runtimecomponents.yaml | 125 +- .../v1/compositionrevisions.yaml | 9 +- .../v1/compositions.yaml | 9 +- .../v1beta1/compositionrevisions.yaml | 9 +- .../apps.emqx.io/v1beta3/emqxbrokers.yaml | 185 +- .../apps.emqx.io/v1beta3/emqxenterprises.yaml | 185 +- .../apps.emqx.io/v1beta4/emqxbrokers.yaml | 244 +- .../apps.emqx.io/v1beta4/emqxenterprises.yaml | 244 +- .../apps.emqx.io/v2alpha1/emqxes.yaml | 401 +- .../apps.emqx.io/v2beta1/emqxes.yaml | 397 +- .../canaries.flanksource.com/v1/canaries.yaml | 173 + .../v1/components.yaml | 6 + .../v1/topologies.yaml | 12 + .../v1alpha2/clusterfilters.yaml | 33 + .../v1alpha2/clusterfluentbitconfigs.yaml | 43 + .../fluentbit.fluent.io/v1alpha2/filters.yaml | 33 + .../v1alpha2/fluentbitconfigs.yaml | 174 + .../v1/kustomizations.yaml | 10 + .../v2/teleportprovisiontokens.yaml | 24 + .../app.terraform.io/v1alpha2/agentpools.yaml | 1336 ++-- .../app.terraform.io/v1alpha2/modules.yaml | 28 +- .../app.terraform.io/v1alpha2/workspaces.yaml | 130 +- .../infinispan.org/v1/infinispans.yaml | 7 + .../k8up-io/k8up/k8up.io/v1/archives.yaml | 164 + .../k8up-io/k8up/k8up.io/v1/backups.yaml | 128 + .../k8up-io/k8up/k8up.io/v1/checks.yaml | 128 + .../k8up-io/k8up/k8up.io/v1/prunes.yaml | 128 + .../k8up-io/k8up/k8up.io/v1/restores.yaml | 164 + .../k8up-io/k8up/k8up.io/v1/schedules.yaml | 748 +++ .../v1beta1/knativeeventings.yaml | 6 + .../v1beta1/knativeservings.yaml | 6 + .../m4e.krestomat.io/v1alpha1/moodles.yaml | 3 + .../m4e.krestomat.io/v1alpha1/nginxes.yaml | 4 + .../m4e.krestomat.io/v1alpha1/phpfpms.yaml | 4 + .../m4e.krestomat.io/v1alpha1/routines.yaml | 3 + .../v1beta2/ibmpowervsclusters.yaml | 18 + .../v1beta2/ibmpowervsclustertemplates.yaml | 18 + .../v1beta2/ibmvpcclusters.yaml | 11 + .../v1beta1/vspheremachines.yaml | 3 + .../v1beta1/vspheremachinetemplates.yaml | 3 + .../v1beta1/vspherevms.yaml | 3 + .../cluster.x-k8s.io/v1beta1/clusters.yaml | 2 +- .../v1beta1/machinehealthchecks.yaml | 2 - .../v1/gatewayclasses.yaml | 2 +- .../v1/gateways.yaml | 63 + .../v1/grpcroutes.yaml | 813 +++ .../v1/httproutes.yaml | 12 +- .../v1alpha2/grpcroutes.yaml | 25 +- .../v1alpha2/tcproutes.yaml | 12 +- .../v1alpha2/tlsroutes.yaml | 12 +- .../v1alpha2/udproutes.yaml | 12 +- .../v1beta1/gatewayclasses.yaml | 2 +- .../v1beta1/gateways.yaml | 63 + .../v1beta1/httproutes.yaml | 12 +- .../jobset.x-k8s.io/v1alpha2/jobsets.yaml | 5 + .../v1beta1/resourceflavors.yaml | 14 + .../tests.testkube.io/v1/testexecutions.yaml | 12 +- .../v1/testsuiteexecutions.yaml | 12 +- .../tests.testkube.io/v3/tests.yaml | 3 + .../v1beta1/mattermosts.yaml | 24 +- .../v1alpha1/clusterinstallations.yaml | 4 +- .../v1beta1/flowcollectors.yaml | 200 +- .../v1beta2/flowcollectors.yaml | 275 +- .../v1alpha1/instrumentations.yaml | 15 + .../v1alpha1/opentelemetrycollectors.yaml | 8 +- .../v1alpha1/backupstorages.yaml | 4 + .../v1alpha1/databaseengines.yaml | 40 + .../v1/perconaservermongodbbackups.yaml | 4 + .../v1/perconaservermongodbrestores.yaml | 4 + .../v1/perconaservermongodbs.yaml | 2 + .../v1alpha1/contourconfigurations.yaml | 2 +- .../v1alpha1/contourdeployments.yaml | 2 +- .../v1/alertmanagers.yaml | 1340 ++-- .../monitoring.coreos.com/v1/podmonitors.yaml | 146 +- .../monitoring.coreos.com/v1/probes.yaml | 130 +- .../v1/prometheuses.yaml | 1788 ++--- .../v1/prometheusrules.yaml | 18 +- .../v1/servicemonitors.yaml | 152 +- .../v1/thanosrulers.yaml | 1302 ++-- .../v1alpha1/alertmanagerconfigs.yaml | 698 +- .../v1alpha1/prometheusagents.yaml | 1568 ++--- .../v1alpha1/scrapeconfigs.yaml | 560 +- .../v1beta1/alertmanagerconfigs.yaml | 640 +- .../v1beta2/pulpbackups.yaml | 56 +- .../v1beta2/pulps.yaml | 286 +- .../rook/ceph.rook.io/v1/cephclusters.yaml | 3 + .../v1/cephfilesystemsubvolumegroups.yaml | 10 + .../v1/virtualhostoptions.yaml | 15 + .../v1alpha1/patterns.yaml | 19 +- .../app_terraform_io/v1alpha2/agentpools.rs | 3919 ++++++++--- .../src/app_terraform_io/v1alpha2/modules.rs | 45 +- .../app_terraform_io/v1alpha2/workspaces.rs | 292 +- .../src/apps_emqx_io/v1beta3/emqxbrokers.rs | 128 + .../apps_emqx_io/v1beta3/emqxenterprises.rs | 128 + .../src/apps_emqx_io/v1beta4/emqxbrokers.rs | 175 + .../apps_emqx_io/v1beta4/emqxenterprises.rs | 175 + .../src/apps_emqx_io/v2alpha1/emqxes.rs | 284 + .../src/apps_emqx_io/v2beta1/emqxes.rs | 280 + .../apps_kubeblocks_io/v1alpha1/clusters.rs | 336 +- .../v1alpha1/opsrequests.rs | 5036 ++++++++++++-- .../v1/aerospikeclusters.rs | 3 + .../src/awx_ansible_com/v1beta1/awxs.rs | 21 +- .../canaries_flanksource_com/v1/canaries.rs | 200 + .../v1/cephfilesystemsubvolumegroups.rs | 7 + .../src/cluster_x_k8s_io/v1beta1/clusters.rs | 6 +- .../v1beta1/machinehealthchecks.rs | 4 +- .../v1alpha1/backupstorages.rs | 4 + .../v1beta1/flowcollectors.rs | 406 +- .../v1beta2/flowcollectors.rs | 515 +- .../v1alpha2/clusterfilters.rs | 39 + .../v1alpha2/clusterfluentbitconfigs.rs | 36 + .../fluentbit_fluent_io/v1alpha2/filters.rs | 39 + .../v1alpha2/fluentbitconfigs.rs | 191 + .../v1/gatewayclasses.rs | 10 + .../gateway_networking_k8s_io/v1/gateways.rs | 129 + .../v1/grpcroutes.rs | 1761 +++++ .../v1/httproutes.rs | 24 +- .../src/gateway_networking_k8s_io/v1/mod.rs | 1 + .../v1alpha2/grpcroutes.rs | 25 +- .../v1alpha2/tcproutes.rs | 24 +- .../v1alpha2/tlsroutes.rs | 24 +- .../v1alpha2/udproutes.rs | 24 +- .../v1beta1/gatewayclasses.rs | 10 + .../v1beta1/gateways.rs | 129 + .../v1beta1/httproutes.rs | 24 +- .../v1alpha1/patterns.rs | 21 +- .../src/infinispan_org/v1/infinispans.rs | 11 + .../v1beta1/vspheremachines.rs | 3 + .../v1beta1/vspheremachinetemplates.rs | 3 + .../v1beta1/vspherevms.rs | 3 + .../v1beta1/mattermosts.rs | 24 +- .../src/jobset_x_k8s_io/v1alpha2/jobsets.rs | 9 + .../src/k8up_io/v1/archives.rs | 230 + .../src/k8up_io/v1/backups.rs | 185 + .../src/k8up_io/v1/checks.rs | 185 + .../src/k8up_io/v1/prunes.rs | 185 + .../src/k8up_io/v1/restores.rs | 230 + .../src/k8up_io/v1/schedules.rs | 1060 +++ .../src/kuadrant_io/v1alpha1/dnsrecords.rs | 12 + .../kuadrant_io/v1beta2/ratelimitpolicies.rs | 325 + .../v1/kustomizations.rs | 6 + kube-custom-resources-rs/src/lib.rs | 1 + .../v1alpha1/limitadors.rs | 3 + .../v1alpha1/clusterinstallations.rs | 4 +- .../monitoring_coreos_com/v1/alertmanagers.rs | 4049 +++++++++--- .../monitoring_coreos_com/v1/podmonitors.rs | 461 +- .../src/monitoring_coreos_com/v1/probes.rs | 359 +- .../monitoring_coreos_com/v1/prometheuses.rs | 5855 +++++++++++++---- .../v1/prometheusrules.rs | 20 +- .../v1/servicemonitors.rs | 469 +- .../monitoring_coreos_com/v1/thanosrulers.rs | 3954 ++++++++--- .../v1alpha1/alertmanagerconfigs.rs | 1720 +++-- .../v1alpha1/prometheusagents.rs | 5055 +++++++++++--- .../v1alpha1/scrapeconfigs.rs | 1502 +++-- .../v1beta1/alertmanagerconfigs.rs | 1612 +++-- .../v1alpha1/instrumentations.rs | 12 + .../v1alpha1/opentelemetrycollectors.rs | 7 +- .../v1beta1/postgresclusters.rs | 3 - .../v1alpha1/contourconfigurations.rs | 6 +- .../v1alpha1/contourdeployments.rs | 6 +- .../v1/perconaservermongodbbackups.rs | 3 + .../v1/perconaservermongodbrestores.rs | 3 + .../src/rc_app_stacks/v1/runtimecomponents.rs | 124 +- .../v1beta2/runtimecomponents.rs | 120 +- .../v1beta2/pulpbackups.rs | 40 +- .../v1beta2/pulps.rs | 206 +- .../v1beta2/scheduledsparkapplications.rs | 2 + .../v1beta2/sparkapplications.rs | 2 + .../tests_testkube_io/v1/testexecutions.rs | 22 +- .../v1/testsuiteexecutions.rs | 22 +- .../src/tests_testkube_io/v3/tests.rs | 3 + .../v1alpha1/replicatedstatemachines.rs | 102 +- 193 files changed, 53173 insertions(+), 13132 deletions(-) create mode 100644 crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml create mode 100644 kube-custom-resources-rs/src/gateway_networking_k8s_io/v1/grpcroutes.rs diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml index a8d6c4720..623340bb5 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgadmins.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.8.0" + controller-gen.kubebuilder.io/version: "v0.9.0" labels: app.kubernetes.io/name: "pgo" app.kubernetes.io/version: "latest" diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml index 89c2caa79..e8a478d83 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/pgupgrades.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.8.0" + controller-gen.kubebuilder.io/version: "v0.9.0" labels: app.kubernetes.io/name: "pgo" app.kubernetes.io/version: "latest" diff --git a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml index ccd30cb39..f6d87f324 100644 --- a/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml +++ b/crd-catalog/CrunchyData/postgres-operator/postgres-operator.crunchydata.com/v1beta1/postgresclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.8.0" + controller-gen.kubebuilder.io/version: "v0.9.0" labels: app.kubernetes.io/name: "pgo" app.kubernetes.io/version: "latest" @@ -8726,7 +8726,6 @@ spec: type: "object" type: "object" registrationRequired: - description: "Version information for installations with a registration requirement." properties: pgoVersion: type: "string" @@ -8738,7 +8737,6 @@ spec: description: "The instance set associated with the startupInstance" type: "string" tokenRequired: - description: "Signals the need for a token to be applied when registration is required." type: "string" userInterface: description: "Current state of the PostgreSQL user interface." diff --git a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml index 2933a9c69..d36202a06 100644 --- a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml +++ b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/scheduledsparkapplications.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - api-approved.kubernetes.io: "https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/pull/1298" + api-approved.kubernetes.io: "https://github.com/kubeflow/spark-operator/pull/1298" controller-gen.kubebuilder.io/version: "(unknown)" name: "scheduledsparkapplications.sparkoperator.k8s.io" spec: @@ -3759,6 +3759,10 @@ spec: additionalProperties: type: "string" type: "object" + serviceLabels: + additionalProperties: + type: "string" + type: "object" servicePort: format: "int32" type: "integer" diff --git a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml index 4278b88a0..2c12ef144 100644 --- a/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml +++ b/crd-catalog/GoogleCloudPlatform/spark-on-k8s-operator/sparkoperator.k8s.io/v1beta2/sparkapplications.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - api-approved.kubernetes.io: "https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/pull/1298" + api-approved.kubernetes.io: "https://github.com/kubeflow/spark-operator/pull/1298" controller-gen.kubebuilder.io/version: "(unknown)" name: "sparkapplications.sparkoperator.k8s.io" spec: @@ -3745,6 +3745,10 @@ spec: additionalProperties: type: "string" type: "object" + serviceLabels: + additionalProperties: + type: "string" + type: "object" servicePort: format: "int32" type: "integer" diff --git a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml index ca8e1dd28..94c332489 100644 --- a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml +++ b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml @@ -244,6 +244,21 @@ spec: description: "observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone." format: "int64" type: "integer" + queuedAt: + description: "QueuedAt is a time when DNS record was received for the reconciliation" + format: "date-time" + type: "string" + queuedFor: + description: "QueuedFor is a time when we expect a DNS record to be reconciled again" + format: "date-time" + type: "string" + validFor: + description: "ValidFor indicates duration since the last reconciliation we consider data in the record to be valid" + type: "string" + writeCounter: + description: "WriteCounter represent a number of consecutive write attempts on the same generation of the record. It is being reset to 0 when the generation changes or there are no changes to write." + format: "int64" + type: "integer" type: "object" type: "object" served: true diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta2/authpolicies.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta2/authpolicies.yaml index 8f2cd2d0f..f01f625b7 100644 --- a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta2/authpolicies.yaml +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta2/authpolicies.yaml @@ -53,7 +53,2642 @@ spec: metadata: type: "object" spec: + description: "RouteSelectors - implicit default validation\nRouteSelectors - explicit default validation\nMutual Exclusivity Validation" properties: + defaults: + description: "Defaults define explicit default values for this policy and for policies inheriting this policy.\nDefaults are mutually exclusive with implicit defaults defined by AuthPolicyCommonSpec." + properties: + patterns: + additionalProperties: + items: + properties: + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + description: "Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules." + type: "object" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the external authorization service.\nAt least one selected HTTPRoute rule must match to trigger the AuthPolicy.\nIf no route selectors are specified, the AuthPolicy will be enforced at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 15 + type: "array" + rules: + description: "The auth rules of the policy.\nSee Authorino's AuthConfig CRD for more details." + properties: + authentication: + additionalProperties: + properties: + anonymous: + description: "Anonymous access." + type: "object" + apiKey: + description: "Authentication based on API keys stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + credentials: + description: "Defines where credentials are required to be passed in the request for authentication based on this config.\nIf omitted, it defaults to credentials passed in the HTTP Authorization header and the \"Bearer\" prefix prepended to the secret credential value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + defaults: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Set default property values (claims) for the resolved identity object, that are set before appending the object to\nthe authorization JSON. If the property is already present in the resolved identity object, the default value is ignored.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + jwt: + description: "Authentication based on JWT tokens." + properties: + issuerUrl: + description: "URL of the issuer of the JWT.\nIf `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint\n(i.e. \"/.well-known/openid-configuration\") to this URL, to discover the OIDC configuration where to obtain\nthe \"jkws_uri\" claim from.\nThe value must coincide with the value of the \"iss\" (issuer) claim of the discovered OpenID Connect configuration." + type: "string" + ttl: + description: "Decides how long to wait before refreshing the JWKS (in seconds).\nIf omitted, Authorino will never refresh the JWKS." + type: "integer" + type: "object" + kubernetesTokenReview: + description: "Authentication by Kubernetes token review." + properties: + audiences: + description: "The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino.\nIf omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences." + items: + type: "string" + type: "array" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + oauth2Introspection: + description: "Authentication by OAuth2 token introspection." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The full URL of the token introspection endpoint." + type: "string" + tokenTypeHint: + description: "The token type hint for the token introspection.\nIf omitted, it defaults to \"access_token\"." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + overrides: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Overrides the resolved identity object by setting the additional properties (claims) specified in this config,\nbefore appending the object to the authorization JSON.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + plain: + description: "Identity object extracted from the context.\nUse this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + required: + - "selector" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.\nAt least one selected HTTPRoute rule must match to trigger the auth rule.\nIf no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 8 + type: "array" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + x509: + description: "Authentication based on client X.509 certificates.\nThe certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate\nclients trying to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + type: "object" + description: "Authentication configs.\nAt least one config MUST evaluate to a valid identity object for the auth request to be successful." + maxProperties: 14 + type: "object" + authorization: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + kubernetesSubjectAccessReview: + description: "Authorization by Kubernetes SubjectAccessReview" + properties: + groups: + description: "Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC." + items: + type: "string" + type: "array" + resourceAttributes: + description: "Use resourceAttributes to check permissions on Kubernetes resources.\nIf omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request." + properties: + group: + description: "API group of the resource.\nUse '*' for all API groups." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + description: "Resource name\nOmit it to check for authorization on all resources of the specified kind." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + namespace: + description: "Namespace where the user must have permissions on the resource." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "Resource kind\nUse '*' for all resource kinds." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + subresource: + description: "Subresource kind" + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + verb: + description: "Verb to check for authorization on the resource.\nUse '*' for all verbs." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + user: + description: "User to check for authorization in the Kubernetes RBAC.\nOmit it to check for group authorization only." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + opa: + description: "Open Policy Agent (OPA) Rego policy." + properties: + allValues: + default: false + description: "Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline.\nOtherwise, only the default `allow` rule will be exposed.\nReturning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime." + type: "boolean" + externalPolicy: + description: "Settings for fetching the OPA policy from an external registry.\nUse it alternatively to 'rego'.\nFor the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters',\n'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'." + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + ttl: + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + required: + - "url" + type: "object" + rego: + description: "Authorization policy as a Rego language document.\nThe Rego document must include the \"allow\" condition, set by Authorino to \"false\" by default (i.e. requests are unauthorized unless changed).\nThe Rego document must NOT include the \"package\" declaration in line 1." + type: "string" + type: "object" + patternMatching: + description: "Pattern-matching authorization rules." + properties: + patterns: + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "patterns" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.\nAt least one selected HTTPRoute rule must match to trigger the auth rule.\nIf no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 8 + type: "array" + spicedb: + description: "Authorization decision delegated to external Authzed/SpiceDB server." + properties: + endpoint: + description: "Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051)." + type: "string" + insecure: + description: "Insecure HTTP connection (i.e. disables TLS verification)" + type: "boolean" + permission: + description: "The name of the permission (or relation) on which to execute the check." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "The resource on which to check the permission or relation." + properties: + kind: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + subject: + description: "The subject that will be checked for the permission or relation." + properties: + kind: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "endpoint" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Authorization policies.\nAll policies MUST evaluate to \"allowed = true\" for the auth request be successful." + maxProperties: 14 + type: "object" + callbacks: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "Settings of the external HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + required: + - "url" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.\nAt least one selected HTTPRoute rule must match to trigger the auth rule.\nIf no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 8 + type: "array" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "http" + type: "object" + description: "Callback functions.\nAuthorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config." + maxProperties: 14 + type: "object" + metadata: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "External source of auth metadata via HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + required: + - "url" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.\nAt least one selected HTTPRoute rule must match to trigger the auth rule.\nIf no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 8 + type: "array" + uma: + description: "User-Managed Access (UMA) source of resource data." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The endpoint of the UMA server.\nThe value must coincide with the \"issuer\" claim of the UMA config discovered from the well-known uma configuration endpoint." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + userInfo: + description: "OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig." + properties: + identitySource: + description: "The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC \"userinfo_endpoint\" claim." + type: "string" + required: + - "identitySource" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Metadata sources.\nAuthorino fetches auth metadata as JSON from sources specified in this config." + maxProperties: 14 + type: "object" + response: + description: "Response items.\nAuthorino builds custom responses to the client of the auth request." + properties: + success: + description: "Response items to be included in the auth response when the request is authenticated and authorized.\nFor integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request." + properties: + dynamicMetadata: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + json: + description: "JSON object\nSpecify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON." + properties: + properties: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "properties" + type: "object" + key: + description: "The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object).\nIf omitted, it will be set to the name of the response config." + type: "string" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + plain: + description: "Plain text content" + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + routeSelectors: + description: "Top-level route selectors.\nIf present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.\nAt least one selected HTTPRoute rule must match to trigger the auth rule.\nIf no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes." + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 8 + type: "array" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + wristband: + description: "Authorino Festival Wristband token" + properties: + customClaims: + additionalProperties: + properties: + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default." + type: "object" + issuer: + description: "The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /://:/, where = / The path portion of the URL" + maxLength: 253 + minLength: 1 + type: "string" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + duration: + description: "Duration defines the time period for which the Limit specified above applies." + type: "integer" + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + unit: + description: "Duration defines the time uni\nPossible values are: \"second\", \"minute\", \"hour\", \"day\"" + enum: + - "second" + - "minute" + - "hour" + - "day" + type: "string" + required: + - "duration" + - "limit" + - "unit" + type: "object" + type: "array" + routeSelectors: + description: "RouteSelectors defines semantics for matching an HTTP request based on conditions" + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + hostnames: + description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + type: "array" + matches: + description: "Matches define conditions used for matching the rule against incoming HTTP requests.\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + items: + description: "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + items: + description: "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + enum: + - "GET" + - "HEAD" + - "POST" + - "PUT" + - "DELETE" + - "CONNECT" + - "OPTIONS" + - "TRACE" + - "PATCH" + type: "string" + path: + default: + type: "PathPrefix" + value: "/" + description: "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + properties: + type: + default: "PathPrefix" + description: "Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "PathPrefix" + - "RegularExpression" + type: "string" + value: + default: "/" + description: "Value of the HTTP path to match against." + maxLength: 1024 + type: "string" + type: "object" + x-kubernetes-validations: + - message: "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + - message: "must not contain '//' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + - message: "must not contain '/./' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + - message: "must not contain '/../' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + - message: "must not contain '%2f' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + - message: "must not contain '%2F' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + - message: "must not contain '#' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + - message: "must not end with '/..' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + - message: "must not end with '/.' when type one of ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + - message: "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']" + rule: "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + - message: "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']" + rule: "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + queryParams: + description: "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + items: + description: "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters." + properties: + name: + description: "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of HTTP query param to be matched." + maxLength: 1024 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 15 + type: "array" + when: + description: "When holds the list of conditions for the policy to be enforced.\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "RouteSelector defines semantics for matching an HTTP request based on conditions\nhttps://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec" + properties: + operator: + description: "The binary operator to be applied to the content fetched from the selector\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to)" + enum: + - "eq" + - "neq" + - "startswith" + - "endswith" + - "incl" + - "excl" + - "matches" + type: "string" + selector: + description: "Selector defines one item from the well known selectors\nTODO Document properly \"Well-known selector\" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors" + maxLength: 253 + minLength: 1 + type: "string" + value: + description: "The value of reference for the comparison." + type: "string" + required: + - "operator" + - "selector" + - "value" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + maxProperties: 14 + type: "object" + type: "object" limits: additionalProperties: description: "Limit represents a complete rate limit configuration" @@ -312,6 +532,8 @@ spec: x-kubernetes-validations: - message: "route selectors not supported when targeting a Gateway" rule: "self.targetRef.kind != 'Gateway' || !has(self.limits) || !self.limits.exists(x, has(self.limits[x].routeSelectors))" + - message: "Implicit and explicit defaults are mutually exclusive" + rule: "!(has(self.defaults) && has(self.limits))" status: description: "RateLimitPolicyStatus defines the observed state of RateLimitPolicy" properties: diff --git a/crd-catalog/Kuadrant/limitador-operator/limitador.kuadrant.io/v1alpha1/limitadors.yaml b/crd-catalog/Kuadrant/limitador-operator/limitador.kuadrant.io/v1alpha1/limitadors.yaml index 52489c6db..adff9a4c3 100644 --- a/crd-catalog/Kuadrant/limitador-operator/limitador.kuadrant.io/v1alpha1/limitadors.yaml +++ b/crd-catalog/Kuadrant/limitador-operator/limitador.kuadrant.io/v1alpha1/limitadors.yaml @@ -669,6 +669,9 @@ spec: ratio: description: "Ratio to apply to the TTL from Redis on cached counters [default: 10]" type: "integer" + response-timeout: + description: "ResponseTimeout defines the timeout for Redis commands in milliseconds [default: 350]" + type: "integer" ttl: description: "TTL for cached counters in milliseconds [default: 5000]" type: "integer" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml index 1cc09815c..3df84a0f6 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml @@ -42,9 +42,6 @@ spec: spec: description: "VMAgentSpec defines the desired state of VMAgent" properties: - '-': - description: "ParsingError contents error with context if operator was failed to parse json object from kubernetes api server" - type: "string" aPIServerConfig: description: "APIServerConfig allows specifying a host and auth methods to access apiserver.\nIf left empty, VMAgent is assumed to run inside of the cluster\nand will discover API servers automatically and use the pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." properties: @@ -1880,6 +1877,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml index 9e784aab4..0b412b0d9 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml @@ -47,9 +47,6 @@ spec: spec: description: "Specification of the desired behavior of the VMAlertmanager cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: - '-': - description: "ParsingError contents error with context if operator was failed to parse json object from kubernetes api server" - type: "string" additionalPeers: description: "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster." items: @@ -637,6 +634,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml index 360836456..989fd21ba 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml @@ -34,9 +34,6 @@ spec: spec: description: "VMAlertSpec defines the desired state of VMAlert" properties: - '-': - description: "ParsingError contents error with context if operator was failed to parse json object from kubernetes api server" - type: "string" affinity: description: "Affinity If specified, the pod's scheduling constraints." type: "object" @@ -1346,6 +1343,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml index d485581ef..bdc39b365 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml @@ -34,9 +34,6 @@ spec: spec: description: "VMAuthSpec defines the desired state of VMAuth" properties: - '-': - description: "ParsingError contents error with context if operator was failed to parse json object from kubernetes api server" - type: "string" affinity: description: "Affinity If specified, the pod's scheduling constraints." type: "object" @@ -492,6 +489,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml index 1ed97ea9e..0b0c0a377 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml @@ -49,9 +49,6 @@ spec: spec: description: "VMClusterSpec defines the desired state of VMCluster" properties: - '-': - description: "ParsingError contents error with context if operator was failed to parse json object from kubernetes api server" - type: "string" clusterVersion: description: "ClusterVersion defines default images tag for all components.\nit can be overwritten with component specific image.tag value." type: "string" @@ -418,6 +415,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" @@ -1022,6 +1022,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" @@ -1829,6 +1832,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml index 826c52d32..a86383e19 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml @@ -359,6 +359,9 @@ spec: description: "ServiceSpec describes the attributes that a user creates on a service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/" type: "object" x-kubernetes-preserve-unknown-fields: true + useAsDefault: + description: "UseAsDefault applies changes from given service definition to the main object Service\nChaning from headless service to clusterIP or loadbalancer may break cross-component communication" + type: "boolean" required: - "spec" type: "object" diff --git a/crd-catalog/aerospike/aerospike-kubernetes-operator/asdb.aerospike.com/v1/aerospikeclusters.yaml b/crd-catalog/aerospike/aerospike-kubernetes-operator/asdb.aerospike.com/v1/aerospikeclusters.yaml index b2adb7b7f..6439fd1e3 100644 --- a/crd-catalog/aerospike/aerospike-kubernetes-operator/asdb.aerospike.com/v1/aerospikeclusters.yaml +++ b/crd-catalog/aerospike/aerospike-kubernetes-operator/asdb.aerospike.com/v1/aerospikeclusters.yaml @@ -8243,6 +8243,9 @@ spec: items: type: "string" type: "array" + dynamicConfigFailed: + description: "DynamicConfigFailed is true if aerospike config change failed to apply dynamically." + type: "boolean" hostExternalIP: description: "HostExternalIP of the K8s host this pod is scheduled on." type: "string" diff --git a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml index bd17b4367..e00f11a47 100644 --- a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml +++ b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml @@ -666,15 +666,19 @@ spec: - "https" type: "string" metrics_utility_configmap: - description: "Metrics-Utlity ConfigMap" + description: "Metrics-Utility ConfigMap" type: "string" + metrics_utility_console_enabled: + default: false + description: "Enable metrics utility shipping to Red Hat Hybrid Cloud Console" + type: "boolean" metrics_utility_cronjob_gather_schedule: default: "@hourly" - description: "Metrics-Utlity Gather Data CronJob Schedule" + description: "Metrics-Utility Gather Data CronJob Schedule" type: "string" metrics_utility_cronjob_report_schedule: default: "@monthly" - description: "Metrics-Utlity Report CronJob Schedule" + description: "Metrics-Utility Report CronJob Schedule" type: "string" metrics_utility_enabled: default: false @@ -690,14 +694,20 @@ spec: description: "Metrics-Utility Image Version" type: "string" metrics_utility_pvc_claim: - description: "Metrics-Utlity PVC Claim" + description: "Metrics-Utility PVC Claim" type: "string" metrics_utility_pvc_claim_size: default: "5Gi" - description: "Metrics-Utlity PVC Claim Size" + description: "Metrics-Utility PVC Claim Size" type: "string" metrics_utility_pvc_claim_storage_class: - description: "Metrics-Utlity PVC Claim Storage Class" + description: "Metrics-Utility PVC Claim Storage Class" + type: "string" + metrics_utility_secret: + description: "Metrics-Utility Secret" + type: "string" + metrics_utility_ship_target: + description: "Metrics-Utility Ship Target" type: "string" nginx_listen_queue_size: description: "Set the socket listen queue size for nginx (defaults to same as uwsgi)" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml index f5208e4de..f807bb939 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/clusters.yaml @@ -170,20 +170,6 @@ spec: type: "array" x-kubernetes-list-type: "set" type: "object" - classDefRef: - description: "References the class defined in ComponentClassDefinition." - properties: - class: - description: "Defines the name of the class that is defined in the ComponentClassDefinition." - type: "string" - name: - description: "Specifies the name of the ComponentClassDefinition." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - required: - - "class" - type: "object" componentDef: description: "References the name of the ComponentDefinition. If both componentDefRef and componentDef are provided, the componentDef will take precedence over componentDefRef." maxLength: 64 @@ -201,20 +187,102 @@ spec: type: "array" x-kubernetes-list-type: "set" instances: - description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A component manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the component to manage instances from different templates." + description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A component manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the component to manage instances from different templates. \n The naming convention for instances (pods) based on the Component Name, InstanceTemplate Name, and ordinal. The constructed instance name follows the pattern: $(component.name)-$(template.name)-$(ordinal). By default, the ordinal starts from 0 for each InstanceTemplate. It is important to ensure that the Name of each InstanceTemplate is unique. \n The sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules." items: description: "InstanceTemplate defines values to override in pod template." properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" annotations: additionalProperties: type: "string" description: "Defines annotations to override. Add new or override existing annotations." type: "object" - generateName: - description: "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n Applied only if Name is not specified." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" image: description: "Defines image to override. Will override the first container's image of the pod." type: "string" @@ -224,8 +292,8 @@ spec: description: "Defines labels to override. Add new or override existing labels." type: "object" name: - description: "Defines the name of the instance. Only applied when Replicas is 1." - maxLength: 64 + description: "Specifies the name of the template. Each instance of the template derives its name from the Component's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(component.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" nodeName: @@ -1519,6 +1587,8 @@ spec: - "name" type: "object" type: "array" + required: + - "name" type: "object" type: "array" issuer: @@ -1568,6 +1638,11 @@ spec: maxLength: 22 pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" type: "string" + offlineInstances: + description: "Specifies instances to be scaled in with dedicated names in the list." + items: + type: "string" + type: "array" replicas: default: 1 description: "Specifies the number of component replicas." @@ -1622,14 +1697,51 @@ spec: cluster: description: "The name of the KubeBlocks cluster being referenced when a service provided by another KubeBlocks cluster is being referenced. \n By default, the clusterDefinition.spec.connectionCredential secret corresponding to the referenced Cluster will be used to bind to the current component. The connection credential secret should include and correspond to the following fields: endpoint, port, username, and password when a KubeBlocks cluster is being referenced. \n Under this referencing approach, the ServiceKind and ServiceVersion of service reference declaration defined in the ClusterDefinition will not be validated. If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." type: "string" + clusterRef: + description: "Specifies the cluster to reference." + properties: + cluster: + description: "The name of the cluster to reference." + type: "string" + credential: + description: "The credential (SystemAccount) to reference from the cluster." + properties: + component: + description: "The name of the component where the credential resides in." + type: "string" + name: + description: "The name of the credential (SystemAccount) to reference." + type: "string" + required: + - "component" + - "name" + type: "object" + service: + description: "The service to reference from the cluster." + properties: + component: + description: "The name of the component where the service resides in. \n It is required when referencing a component service." + type: "string" + port: + description: "The port name of the service to reference. \n If there is a non-zero node-port exist for the matched service port, the node-port will be selected first. If the referenced service is a pod-service, there will be multiple service objects matched, and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2..." + type: "string" + service: + description: "The name of the service to reference. \n Leave it empty to reference the default service. Set it to \"headless\" to reference the default headless service. If the referenced service is a pod-service, there will be multiple service objects matched, and the resolved value will be presented in the following format: service1.name,service2.name..." + type: "string" + required: + - "service" + type: "object" + required: + - "cluster" + type: "object" name: description: "Specifies the identifier of the service reference declaration. It corresponds to the serviceRefDeclaration name defined in the clusterDefinition.componentDefs[*].serviceRefDeclarations[*].name." type: "string" namespace: - description: "Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current cluster by default." + description: "Specifies the namespace of the referenced Cluster or ServiceDescriptor object. If not specified, the namespace of the current cluster will be used." type: "string" serviceDescriptor: - description: "The service descriptor of the service provided by external sources. \n When referencing a service provided by external sources, the ServiceDescriptor object name is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion defined in the service reference declaration in the ClusterDefinition. \n If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." + description: "The service descriptor of the service provided by external sources. \n When referencing a service provided by external sources, a ServiceDescriptor object is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion declared in the definition. \n If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." type: "string" required: - "name" @@ -1640,7 +1752,7 @@ spec: maxLength: 32 type: "string" services: - description: "Services expose endpoints that can be accessed by clients." + description: "Services overrides services defined in referenced ComponentDefinition." items: properties: annotations: @@ -1649,9 +1761,12 @@ spec: description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." type: "object" name: - description: "The name of the service." - maxLength: 15 + description: "References the component service name defined in the ComponentDefinition.Spec.Services[x].Name." + maxLength: 25 type: "string" + podService: + description: "Indicates whether to generate individual services for each pod. If set to true, a separate service will be created for each pod in the cluster." + type: "boolean" serviceType: default: "ClusterIP" description: "Determines how the Service is exposed. Valid options are ClusterIP, NodePort, and LoadBalancer. \n - `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." @@ -1983,9 +2098,10 @@ spec: type: "string" name: description: "Name defines the name of the service. otherwise, it indicates the name of the service. Others can refer to this service by its name. (e.g., connection credential) Cannot be updated." + maxLength: 25 type: "string" roleSelector: - description: "RoleSelector extends the ServiceSpec.Selector by allowing you to specify defined role as selector for the service. if GeneratePodOrdinalService sets to true, RoleSelector will be ignored." + description: "RoleSelector extends the ServiceSpec.Selector by allowing you to specify defined role as selector for the service." type: "string" serviceName: description: "ServiceName defines the name of the underlying service object. If not specified, the default service name with different patterns will be used: \n - CLUSTER_NAME: for cluster-level services - CLUSTER_NAME-COMPONENT_NAME: for component-level services \n Only one default service name is allowed. Cannot be updated." @@ -2168,20 +2284,6 @@ spec: type: "array" x-kubernetes-list-type: "set" type: "object" - classDefRef: - description: "References the class defined in ComponentClassDefinition." - properties: - class: - description: "Defines the name of the class that is defined in the ComponentClassDefinition." - type: "string" - name: - description: "Specifies the name of the ComponentClassDefinition." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - required: - - "class" - type: "object" componentDef: description: "References the name of the ComponentDefinition. If both componentDefRef and componentDef are provided, the componentDef will take precedence over componentDefRef." maxLength: 64 @@ -2199,20 +2301,102 @@ spec: type: "array" x-kubernetes-list-type: "set" instances: - description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A component manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the component to manage instances from different templates." + description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A component manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the component to manage instances from different templates. \n The naming convention for instances (pods) based on the Component Name, InstanceTemplate Name, and ordinal. The constructed instance name follows the pattern: $(component.name)-$(template.name)-$(ordinal). By default, the ordinal starts from 0 for each InstanceTemplate. It is important to ensure that the Name of each InstanceTemplate is unique. \n The sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules." items: description: "InstanceTemplate defines values to override in pod template." properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" annotations: additionalProperties: type: "string" description: "Defines annotations to override. Add new or override existing annotations." type: "object" - generateName: - description: "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n Applied only if Name is not specified." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" image: description: "Defines image to override. Will override the first container's image of the pod." type: "string" @@ -2222,8 +2406,8 @@ spec: description: "Defines labels to override. Add new or override existing labels." type: "object" name: - description: "Defines the name of the instance. Only applied when Replicas is 1." - maxLength: 64 + description: "Specifies the name of the template. Each instance of the template derives its name from the Component's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(component.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" nodeName: @@ -3517,6 +3701,8 @@ spec: - "name" type: "object" type: "array" + required: + - "name" type: "object" type: "array" issuer: @@ -3566,6 +3752,11 @@ spec: maxLength: 22 pattern: "^[a-z]([a-z0-9\\-]*[a-z0-9])?$" type: "string" + offlineInstances: + description: "Specifies instances to be scaled in with dedicated names in the list." + items: + type: "string" + type: "array" replicas: default: 1 description: "Specifies the number of component replicas." @@ -3620,14 +3811,51 @@ spec: cluster: description: "The name of the KubeBlocks cluster being referenced when a service provided by another KubeBlocks cluster is being referenced. \n By default, the clusterDefinition.spec.connectionCredential secret corresponding to the referenced Cluster will be used to bind to the current component. The connection credential secret should include and correspond to the following fields: endpoint, port, username, and password when a KubeBlocks cluster is being referenced. \n Under this referencing approach, the ServiceKind and ServiceVersion of service reference declaration defined in the ClusterDefinition will not be validated. If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." type: "string" + clusterRef: + description: "Specifies the cluster to reference." + properties: + cluster: + description: "The name of the cluster to reference." + type: "string" + credential: + description: "The credential (SystemAccount) to reference from the cluster." + properties: + component: + description: "The name of the component where the credential resides in." + type: "string" + name: + description: "The name of the credential (SystemAccount) to reference." + type: "string" + required: + - "component" + - "name" + type: "object" + service: + description: "The service to reference from the cluster." + properties: + component: + description: "The name of the component where the service resides in. \n It is required when referencing a component service." + type: "string" + port: + description: "The port name of the service to reference. \n If there is a non-zero node-port exist for the matched service port, the node-port will be selected first. If the referenced service is a pod-service, there will be multiple service objects matched, and the resolved value will be presented in the following format: service1.name:port1,service2.name:port2..." + type: "string" + service: + description: "The name of the service to reference. \n Leave it empty to reference the default service. Set it to \"headless\" to reference the default headless service. If the referenced service is a pod-service, there will be multiple service objects matched, and the resolved value will be presented in the following format: service1.name,service2.name..." + type: "string" + required: + - "service" + type: "object" + required: + - "cluster" + type: "object" name: description: "Specifies the identifier of the service reference declaration. It corresponds to the serviceRefDeclaration name defined in the clusterDefinition.componentDefs[*].serviceRefDeclarations[*].name." type: "string" namespace: - description: "Specifies the namespace of the referenced Cluster or the namespace of the referenced ServiceDescriptor object. If not provided, the referenced Cluster and ServiceDescriptor will be searched in the namespace of the current cluster by default." + description: "Specifies the namespace of the referenced Cluster or ServiceDescriptor object. If not specified, the namespace of the current cluster will be used." type: "string" serviceDescriptor: - description: "The service descriptor of the service provided by external sources. \n When referencing a service provided by external sources, the ServiceDescriptor object name is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion defined in the service reference declaration in the ClusterDefinition. \n If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." + description: "The service descriptor of the service provided by external sources. \n When referencing a service provided by external sources, a ServiceDescriptor object is required to establish the service binding. The `serviceDescriptor.spec.serviceKind` and `serviceDescriptor.spec.serviceVersion` should match the serviceKind and serviceVersion declared in the definition. \n If both Cluster and ServiceDescriptor are specified, the Cluster takes precedence." type: "string" required: - "name" @@ -3638,7 +3866,7 @@ spec: maxLength: 32 type: "string" services: - description: "Services expose endpoints that can be accessed by clients." + description: "Services overrides services defined in referenced ComponentDefinition." items: properties: annotations: @@ -3647,9 +3875,12 @@ spec: description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." type: "object" name: - description: "The name of the service." - maxLength: 15 + description: "References the component service name defined in the ComponentDefinition.Spec.Services[x].Name." + maxLength: 25 type: "string" + podService: + description: "Indicates whether to generate individual services for each pod. If set to true, a separate service will be created for each pod in the cluster." + type: "boolean" serviceType: default: "ClusterIP" description: "Determines how the Service is exposed. Valid options are ClusterIP, NodePort, and LoadBalancer. \n - `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml index b983e20b8..ebba2adad 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/opsrequests.yaml @@ -253,6 +253,1416 @@ spec: componentName: description: "Specifies the name of the cluster component." type: "string" + instances: + description: "Specifies instances to be added and/or deleted for the workloads. Name and Replicas should be provided. Other fields will simply be ignored. The Replicas will be overridden if an existing InstanceTemplate is matched by Name. Or the InstanceTemplate will be added as a new one." + items: + description: "InstanceTemplate defines values to override in pod template." + properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" + annotations: + additionalProperties: + type: "string" + description: "Defines annotations to override. Add new or override existing annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Defines image to override. Will override the first container's image of the pod." + type: "string" + labels: + additionalProperties: + type: "string" + description: "Defines labels to override. Add new or override existing labels." + type: "object" + name: + description: "Specifies the name of the template. Each instance of the template derives its name from the Component's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(component.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + nodeName: + description: "Defines NodeName to override." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "Defines NodeSelector to override." + type: "object" + replicas: + default: 1 + description: "Number of replicas of this template. Default is 1." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Defines Resources to override. Will override the first container's resources of the pod." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + tolerations: + description: "Defines Tolerations to override. Add new or override existing tolerations." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." + items: + description: "PersistentVolumeClaim is a user's request for and claim to a persistent volume" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + status: + description: "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + allocatedResourceStatuses: + additionalProperties: + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it." + type: "string" + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + x-kubernetes-map-type: "granular" + allocatedResources: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + capacity: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "capacity represents the actual resources of the underlying volume." + type: "object" + conditions: + description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'." + items: + description: "PersistentVolumeClaimCondition contains details about state of pvc" + properties: + lastProbeTime: + description: "lastProbeTime is the time we probed the condition." + format: "date-time" + type: "string" + lastTransitionTime: + description: "lastTransitionTime is the time the condition transitioned from one status to another." + format: "date-time" + type: "string" + message: + description: "message is the human-readable message indicating details about last transition." + type: "string" + reason: + description: "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized." + type: "string" + status: + type: "string" + type: + description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + type: "string" + required: + - "status" + - "type" + type: "object" + type: "array" + phase: + description: "phase represents the current phase of PersistentVolumeClaim." + type: "string" + type: "object" + type: "object" + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must not contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" + volumes: + description: "Defines Volumes to override. Add new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + properties: + directory: + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + properties: + path: + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the token into." + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to Default is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to Defaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "name" + type: "object" + type: "array" + offlineInstances: + description: "Specifies instances to be scaled in with dedicated names in the list." + items: + type: "string" + type: "array" replicas: description: "Specifies the number of replicas for the workloads." format: "int32" @@ -829,20 +2239,6 @@ spec: x-kubernetes-list-map-keys: - "name" x-kubernetes-list-type: "map" - classDefRef: - description: "A reference to a class defined in ComponentClassDefinition." - properties: - class: - description: "Defines the name of the class that is defined in the ComponentClassDefinition." - type: "string" - name: - description: "Specifies the name of the ComponentClassDefinition." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - required: - - "class" - type: "object" componentName: description: "Specifies the name of the cluster component." type: "string" @@ -961,20 +2357,1411 @@ spec: x-kubernetes-list-map-keys: - "name" x-kubernetes-list-type: "map" - classDefRef: - description: "References a class defined in ComponentClassDefinition." - properties: - class: - description: "Defines the name of the class that is defined in the ComponentClassDefinition." - type: "string" - name: - description: "Specifies the name of the ComponentClassDefinition." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - required: - - "class" - type: "object" + instances: + description: "Records the last instances of the component." + items: + description: "InstanceTemplate defines values to override in pod template." + properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" + annotations: + additionalProperties: + type: "string" + description: "Defines annotations to override. Add new or override existing annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Defines image to override. Will override the first container's image of the pod." + type: "string" + labels: + additionalProperties: + type: "string" + description: "Defines labels to override. Add new or override existing labels." + type: "object" + name: + description: "Specifies the name of the template. Each instance of the template derives its name from the Component's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(component.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + nodeName: + description: "Defines NodeName to override." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "Defines NodeSelector to override." + type: "object" + replicas: + default: 1 + description: "Number of replicas of this template. Default is 1." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Defines Resources to override. Will override the first container's resources of the pod." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + tolerations: + description: "Defines Tolerations to override. Add new or override existing tolerations." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." + items: + description: "PersistentVolumeClaim is a user's request for and claim to a persistent volume" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + status: + description: "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + allocatedResourceStatuses: + additionalProperties: + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it." + type: "string" + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + x-kubernetes-map-type: "granular" + allocatedResources: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + capacity: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "capacity represents the actual resources of the underlying volume." + type: "object" + conditions: + description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'." + items: + description: "PersistentVolumeClaimCondition contains details about state of pvc" + properties: + lastProbeTime: + description: "lastProbeTime is the time we probed the condition." + format: "date-time" + type: "string" + lastTransitionTime: + description: "lastTransitionTime is the time the condition transitioned from one status to another." + format: "date-time" + type: "string" + message: + description: "message is the human-readable message indicating details about last transition." + type: "string" + reason: + description: "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized." + type: "string" + status: + type: "string" + type: + description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + type: "string" + required: + - "status" + - "type" + type: "object" + type: "array" + phase: + description: "phase represents the current phase of PersistentVolumeClaim." + type: "string" + type: "object" + type: "object" + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must not contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" + volumes: + description: "Defines Volumes to override. Add new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + properties: + directory: + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + properties: + path: + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the token into." + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to Default is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to Defaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "name" + type: "object" + type: "array" limits: additionalProperties: anyOf: @@ -984,6 +3771,11 @@ spec: x-kubernetes-int-or-string: true description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" + offlineInstances: + description: "Records the last offline instances of the component." + items: + type: "string" + type: "array" opsName: description: "Indicates the opsRequest name." type: "string" @@ -1010,9 +3802,12 @@ spec: description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." type: "object" name: - description: "The name of the service." - maxLength: 15 + description: "References the component service name defined in the ComponentDefinition.Spec.Services[x].Name." + maxLength: 25 type: "string" + podService: + description: "Indicates whether to generate individual services for each pod. If set to true, a separate service will be created for each pod in the cluster." + type: "boolean" serviceType: default: "ClusterIP" description: "Determines how the Service is exposed. Valid options are ClusterIP, NodePort, and LoadBalancer. \n - `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." @@ -1240,20 +4035,1411 @@ spec: x-kubernetes-list-map-keys: - "name" x-kubernetes-list-type: "map" - classDefRef: - description: "References a class defined in ComponentClassDefinition." - properties: - class: - description: "Defines the name of the class that is defined in the ComponentClassDefinition." - type: "string" - name: - description: "Specifies the name of the ComponentClassDefinition." - maxLength: 63 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" - required: - - "class" - type: "object" + instances: + description: "Records the last instances of the component." + items: + description: "InstanceTemplate defines values to override in pod template." + properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" + annotations: + additionalProperties: + type: "string" + description: "Defines annotations to override. Add new or override existing annotations." + type: "object" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + image: + description: "Defines image to override. Will override the first container's image of the pod." + type: "string" + labels: + additionalProperties: + type: "string" + description: "Defines labels to override. Add new or override existing labels." + type: "object" + name: + description: "Specifies the name of the template. Each instance of the template derives its name from the Component's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(component.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 + pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" + type: "string" + nodeName: + description: "Defines NodeName to override." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "Defines NodeSelector to override." + type: "object" + replicas: + default: 1 + description: "Number of replicas of this template. Default is 1." + format: "int32" + minimum: 0.0 + type: "integer" + resources: + description: "Defines Resources to override. Will override the first container's resources of the pod." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + tolerations: + description: "Defines Tolerations to override. Add new or override existing tolerations." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + volumeClaimTemplates: + description: "Defines VolumeClaimTemplates to override. Add new or override existing volume claim templates." + items: + description: "PersistentVolumeClaim is a user's request for and claim to a persistent volume" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + status: + description: "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + accessModes: + description: "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + allocatedResourceStatuses: + additionalProperties: + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it." + type: "string" + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + x-kubernetes-map-type: "granular" + allocatedResources: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + type: "object" + capacity: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "capacity represents the actual resources of the underlying volume." + type: "object" + conditions: + description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'." + items: + description: "PersistentVolumeClaimCondition contains details about state of pvc" + properties: + lastProbeTime: + description: "lastProbeTime is the time we probed the condition." + format: "date-time" + type: "string" + lastTransitionTime: + description: "lastTransitionTime is the time the condition transitioned from one status to another." + format: "date-time" + type: "string" + message: + description: "message is the human-readable message indicating details about last transition." + type: "string" + reason: + description: "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized." + type: "string" + status: + type: "string" + type: + description: "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type" + type: "string" + required: + - "status" + - "type" + type: "object" + type: "array" + phase: + description: "phase represents the current phase of PersistentVolumeClaim." + type: "string" + type: "object" + type: "object" + type: "array" + volumeMounts: + description: "Defines VolumeMounts to override. Add new or override existing volume mounts of the first container in the pod." + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must not contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" + volumes: + description: "Defines Volumes to override. Add new or override existing volumes." + items: + description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." + properties: + awsElasticBlockStore: + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + format: "int32" + type: "integer" + readOnly: + description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "boolean" + volumeID: + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + type: "string" + required: + - "volumeID" + type: "object" + azureDisk: + description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + properties: + cachingMode: + description: "cachingMode is the Host Caching mode: None, Read Only, Read Write." + type: "string" + diskName: + description: "diskName is the Name of the data disk in the blob storage" + type: "string" + diskURI: + description: "diskURI is the URI of data disk in the blob storage" + type: "string" + fsType: + description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + kind: + description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + required: + - "diskName" + - "diskURI" + type: "object" + azureFile: + description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + properties: + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretName: + description: "secretName is the name of secret that contains Azure Storage Account Name and Key" + type: "string" + shareName: + description: "shareName is the azure share Name" + type: "string" + required: + - "secretName" + - "shareName" + type: "object" + cephfs: + description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + properties: + monitors: + description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + items: + type: "string" + type: "array" + path: + description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + type: "string" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "boolean" + secretFile: + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + secretRef: + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + type: "string" + required: + - "monitors" + type: "object" + cinder: + description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "boolean" + secretRef: + description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeID: + description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + type: "string" + required: + - "volumeID" + type: "object" + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + csi: + description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + properties: + driver: + description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + type: "string" + fsType: + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + type: "string" + nodePublishSecretRef: + description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + readOnly: + description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + type: "boolean" + volumeAttributes: + additionalProperties: + type: "string" + description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + type: "object" + required: + - "driver" + type: "object" + downwardAPI: + description: "downwardAPI represents downward API about the pod that should populate this volume" + properties: + defaultMode: + description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "Items is a list of downward API volume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + emptyDir: + description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + properties: + medium: + description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + type: "string" + sizeLimit: + anyOf: + - type: "integer" + - type: "string" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + type: "object" + ephemeral: + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + properties: + metadata: + description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + properties: + annotations: + additionalProperties: + type: "string" + type: "object" + finalizers: + items: + type: "string" + type: "array" + labels: + additionalProperties: + type: "string" + type: "object" + name: + type: "string" + namespace: + type: "string" + type: "object" + spec: + description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + properties: + accessModes: + description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + items: + type: "string" + type: "array" + dataSource: + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + dataSourceRef: + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" + required: + - "kind" + - "name" + type: "object" + resources: + description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + selector: + description: "selector is a label query over volumes to consider for binding." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + storageClassName: + description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + type: "string" + volumeMode: + description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + type: "string" + volumeName: + description: "volumeName is the binding reference to the PersistentVolume backing this claim." + type: "string" + type: "object" + required: + - "spec" + type: "object" + type: "object" + fc: + description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + lun: + description: "lun is Optional: FC target lun number" + format: "int32" + type: "integer" + readOnly: + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + targetWWNs: + description: "targetWWNs is Optional: FC target worldwide names (WWNs)" + items: + type: "string" + type: "array" + wwids: + description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + items: + type: "string" + type: "array" + type: "object" + flexVolume: + description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + properties: + driver: + description: "driver is the name of the driver to use for this volume." + type: "string" + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + type: "string" + options: + additionalProperties: + type: "string" + description: "options is Optional: this field holds extra command options if any." + type: "object" + readOnly: + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "driver" + type: "object" + flocker: + description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + properties: + datasetName: + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + type: "string" + datasetUUID: + description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + type: "string" + type: "object" + gcePersistentDisk: + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + properties: + fsType: + description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + partition: + description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + format: "int32" + type: "integer" + pdName: + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + type: "boolean" + required: + - "pdName" + type: "object" + gitRepo: + description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + properties: + directory: + description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + type: "string" + repository: + description: "repository is the URL" + type: "string" + revision: + description: "revision is the commit hash for the specified revision." + type: "string" + required: + - "repository" + type: "object" + glusterfs: + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + properties: + endpoints: + description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + path: + description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "string" + readOnly: + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + type: "boolean" + required: + - "endpoints" + - "path" + type: "object" + hostPath: + description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + properties: + path: + description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + type: + description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + type: "string" + required: + - "path" + type: "object" + iscsi: + description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + properties: + chapAuthDiscovery: + description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + type: "boolean" + chapAuthSession: + description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" + type: "boolean" + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + initiatorName: + description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + type: "string" + iqn: + description: "iqn is the target iSCSI Qualified Name." + type: "string" + iscsiInterface: + description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + type: "string" + lun: + description: "lun represents iSCSI Target Lun number." + format: "int32" + type: "integer" + portals: + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + items: + type: "string" + type: "array" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + type: "boolean" + secretRef: + description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetPortal: + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + type: "string" + required: + - "iqn" + - "lun" + - "targetPortal" + type: "object" + name: + description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + nfs: + description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + properties: + path: + description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + readOnly: + description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "boolean" + server: + description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + type: "string" + required: + - "path" + - "server" + type: "object" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + type: "boolean" + required: + - "claimName" + type: "object" + photonPersistentDisk: + description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + pdID: + description: "pdID is the ID that identifies Photon Controller persistent disk" + type: "string" + required: + - "pdID" + type: "object" + portworxVolume: + description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + volumeID: + description: "volumeID uniquely identifies a Portworx volume" + type: "string" + required: + - "volumeID" + type: "object" + projected: + description: "projected items for all in one resources secrets, configmaps, and downward API" + properties: + defaultMode: + description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + sources: + description: "sources is the list of volume projections" + items: + description: "Projection that may be projected along with other supported volume types" + properties: + configMap: + description: "configMap information about the configMap data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + downwardAPI: + description: "downwardAPI information about the downwardAPI data to project" + properties: + items: + description: "Items is a list of DownwardAPIVolume file" + items: + description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" + properties: + fieldRef: + description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + mode: + description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + type: "string" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "path" + type: "object" + type: "array" + type: "object" + secret: + description: "secret information about the secret data to project" + properties: + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional field specify whether the Secret or its key must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + serviceAccountToken: + description: "serviceAccountToken is information about the serviceAccountToken data to project" + properties: + audience: + description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + type: "string" + expirationSeconds: + description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + format: "int64" + type: "integer" + path: + description: "path is the path relative to the mount point of the file to project the token into." + type: "string" + required: + - "path" + type: "object" + type: "object" + type: "array" + type: "object" + quobyte: + description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + properties: + group: + description: "group to map volume access to Default is no group" + type: "string" + readOnly: + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + type: "boolean" + registry: + description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + type: "string" + tenant: + description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + type: "string" + user: + description: "user to map volume access to Defaults to serivceaccount user" + type: "string" + volume: + description: "volume is a string that references an already created Quobyte volume by name." + type: "string" + required: + - "registry" + - "volume" + type: "object" + rbd: + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + properties: + fsType: + description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + type: "string" + image: + description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + keyring: + description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + monitors: + description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + items: + type: "string" + type: "array" + pool: + description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + readOnly: + description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "boolean" + secretRef: + description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + user: + description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + type: "string" + required: + - "image" + - "monitors" + type: "object" + scaleIO: + description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + type: "string" + gateway: + description: "gateway is the host address of the ScaleIO API Gateway." + type: "string" + protectionDomain: + description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + type: "string" + readOnly: + description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + sslEnabled: + description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" + type: "boolean" + storageMode: + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + type: "string" + storagePool: + description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." + type: "string" + system: + description: "system is the name of the storage system as configured in ScaleIO." + type: "string" + volumeName: + description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + type: "string" + required: + - "gateway" + - "secretRef" + - "system" + type: "object" + secret: + description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + storageos: + description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + properties: + fsType: + description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + readOnly: + description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + type: "boolean" + secretRef: + description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + properties: + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + volumeName: + description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + type: "string" + volumeNamespace: + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + type: "string" + type: "object" + vsphereVolume: + description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + properties: + fsType: + description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + type: "string" + storagePolicyID: + description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + type: "string" + storagePolicyName: + description: "storagePolicyName is the storage Policy Based Management (SPBM) profile name." + type: "string" + volumePath: + description: "volumePath is the path that identifies vSphere volume vmdk" + type: "string" + required: + - "volumePath" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "name" + type: "object" + type: "array" limits: additionalProperties: anyOf: @@ -1263,6 +5449,11 @@ spec: x-kubernetes-int-or-string: true description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" + offlineInstances: + description: "Records the last offline instances of the component." + items: + type: "string" + type: "array" replicas: description: "Represents the last replicas of the component." format: "int32" @@ -1286,9 +5477,12 @@ spec: description: "If ServiceType is LoadBalancer, cloud provider related parameters can be put here. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer." type: "object" name: - description: "The name of the service." - maxLength: 15 + description: "References the component service name defined in the ComponentDefinition.Spec.Services[x].Name." + maxLength: 25 type: "string" + podService: + description: "Indicates whether to generate individual services for each pod. If set to true, a separate service will be created for each pod in the cluster." + type: "boolean" serviceType: default: "ClusterIP" description: "Determines how the Service is exposed. Valid options are ClusterIP, NodePort, and LoadBalancer. \n - `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types." diff --git a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml index be8b9209c..ae941b254 100644 --- a/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml +++ b/crd-catalog/apecloud/kubeblocks/workloads.kubeblocks.io/v1alpha1/replicatedstatemachines.yaml @@ -455,19 +455,101 @@ spec: - "username" type: "object" instances: - description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A RSM manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the RSM to manage instances from different templates." + description: "Overrides values in default Template. \n Instance is the fundamental unit managed by KubeBlocks. It represents a Pod with additional objects such as PVCs, Services, ConfigMaps, etc. A RSM manages instances with a total count of Replicas, and by default, all these instances are generated from the same template. The InstanceTemplate provides a way to override values in the default template, allowing the RSM to manage instances from different templates. \n The naming convention for instances (pods) based on the RSM Name, InstanceTemplate Name, and ordinal. The constructed instance name follows the pattern: $(rsm.name)-$(template.name)-$(ordinal). By default, the ordinal starts from 0 for each InstanceTemplate. It is important to ensure that the Name of each InstanceTemplate is unique. \n The sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the RSM. Any remaining replicas will be generated using the default template and will follow the default naming rules." items: properties: + RuntimeClassName: + description: "Defines RuntimeClass to override." + type: "string" annotations: additionalProperties: type: "string" description: "Defines annotations to override. Add new or override existing annotations." type: "object" - generateName: - description: "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n Applied only if Name is not specified." - maxLength: 54 - pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" - type: "string" + env: + description: "Defines Env to override. Add new or override existing envs." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" image: description: "Defines image to override. Will override the first container's image of the pod." type: "string" @@ -477,8 +559,8 @@ spec: description: "Defines labels to override. Add new or override existing labels." type: "object" name: - description: "Defines the name of the instance. Only applied when Replicas is 1." - maxLength: 64 + description: "Specifies the name of the template. Each instance of the template derives its name from the RSM's Name, the template's Name and the instance's ordinal. The constructed instance name follows the pattern $(rsm.name)-$(template.name)-$(ordinal). The ordinal starts from 0 by default." + maxLength: 54 pattern: "^[a-z0-9]([a-z0-9\\.\\-]*[a-z0-9])?$" type: "string" nodeName: @@ -1772,6 +1854,8 @@ spec: - "name" type: "object" type: "array" + required: + - "name" type: "object" type: "array" memberUpdateStrategy: @@ -1886,6 +1970,11 @@ spec: format: "int32" minimum: 0.0 type: "integer" + offlineInstances: + description: "Specifies instances to be scaled in with dedicated names in the list." + items: + type: "string" + type: "array" paused: description: "Indicates that the rsm is paused, meaning the reconciliation of this rsm object will be paused." type: "boolean" diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml index 8d1c99cbd..968feb97f 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml +++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml @@ -918,7 +918,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -983,7 +983,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1066,7 +1066,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1202,7 +1202,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1266,6 +1266,21 @@ spec: resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1413,7 +1428,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1678,6 +1693,10 @@ spec: - "Lowercase" - "uppercase" - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" type: "string" modulus: description: "Modulus to take of the hash of the source label values." @@ -1821,6 +1840,10 @@ spec: - "Lowercase" - "uppercase" - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" type: "string" modulus: description: "Modulus to take of the hash of the source label values." @@ -2037,7 +2060,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2139,7 +2162,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2241,7 +2264,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2316,6 +2339,21 @@ spec: resources: description: "Resource requests and limits for the application container." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2707,7 +2745,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2772,7 +2810,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2855,7 +2893,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2991,7 +3029,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -3055,6 +3093,21 @@ spec: resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3202,7 +3255,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -3392,7 +3445,7 @@ spec: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3409,7 +3462,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3420,14 +3473,31 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3628,10 +3698,10 @@ spec: format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." @@ -3966,7 +4036,7 @@ spec: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3983,7 +4053,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3994,14 +4064,31 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml index 08b38a0ba..688fd7d63 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml +++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1beta2/runtimecomponents.yaml @@ -890,7 +890,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -955,7 +955,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1038,7 +1038,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1174,7 +1174,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1238,6 +1238,21 @@ spec: resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1385,7 +1400,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1647,6 +1662,10 @@ spec: - "Lowercase" - "uppercase" - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" type: "string" modulus: description: "Modulus to take of the hash of the source label values." @@ -1790,6 +1809,10 @@ spec: - "Lowercase" - "uppercase" - "Uppercase" + - "keepequal" + - "KeepEqual" + - "dropequal" + - "DropEqual" type: "string" modulus: description: "Modulus to take of the hash of the source label values." @@ -1989,7 +2012,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2091,7 +2114,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2193,7 +2216,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2268,6 +2291,21 @@ spec: resources: description: "Resource requests and limits for the application container." properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2553,7 +2591,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2618,7 +2656,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2701,7 +2739,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2837,7 +2875,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2901,6 +2939,21 @@ spec: resources: description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3048,7 +3101,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -3234,7 +3287,7 @@ spec: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3251,7 +3304,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3262,14 +3315,31 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3733,7 +3803,7 @@ spec: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field." + description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3750,7 +3820,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." @@ -3761,14 +3831,31 @@ spec: name: description: "Name is the name of resource being referenced" type: "string" + namespace: + description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml index 28b584f03..436f6bfdc 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositionrevisions.yaml @@ -312,7 +312,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -322,6 +322,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -589,7 +590,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -599,6 +600,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -920,7 +922,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -930,6 +932,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml index 14e1b15ef..7198100b4 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1/compositions.yaml @@ -309,7 +309,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -319,6 +319,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -586,7 +587,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -596,6 +597,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -917,7 +919,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -927,6 +929,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." diff --git a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml index 338824bea..f21a4a0d5 100644 --- a/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml +++ b/crd-catalog/crossplane/crossplane/apiextensions.crossplane.io/v1beta1/compositionrevisions.yaml @@ -312,7 +312,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -322,6 +322,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -589,7 +590,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -599,6 +600,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." @@ -920,7 +922,7 @@ spec: description: "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string." properties: convert: - description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON." + description: "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string." enum: - "ToUpper" - "ToLower" @@ -930,6 +932,7 @@ spec: - "ToSha1" - "ToSha256" - "ToSha512" + - "ToAdler32" type: "string" fmt: description: "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details." diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml index 9db594954..ea8c3d51f 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml @@ -153,6 +153,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -221,6 +231,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -287,6 +307,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -355,6 +385,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -664,11 +704,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -714,6 +755,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -902,6 +945,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -1316,6 +1396,18 @@ spec: type: "string" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1795,6 +1887,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1845,6 +1945,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2041,8 +2149,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2060,6 +2193,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2396,6 +2531,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2446,6 +2589,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2642,8 +2793,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2661,6 +2837,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2881,11 +3059,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -2931,6 +3110,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml index 301e13f30..a9e3fce06 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml @@ -153,6 +153,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -221,6 +231,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -287,6 +307,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -355,6 +385,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -664,11 +704,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -714,6 +755,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -902,6 +945,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -1329,6 +1409,18 @@ spec: type: "string" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1808,6 +1900,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1858,6 +1958,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2054,8 +2162,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2073,6 +2206,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2409,6 +2544,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2459,6 +2602,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2655,8 +2806,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2674,6 +2850,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2894,11 +3072,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -2944,6 +3123,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml index 997a535e3..6d7eb5a07 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml @@ -83,11 +83,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -133,6 +134,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -406,6 +409,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -474,6 +487,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -540,6 +563,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -608,6 +641,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -823,6 +866,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -873,6 +924,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1069,6 +1128,18 @@ spec: type: "object" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1415,6 +1486,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1465,6 +1544,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1661,8 +1748,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1680,6 +1792,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2010,6 +2124,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2060,6 +2182,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2256,8 +2386,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2275,6 +2430,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2611,6 +2768,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2661,6 +2826,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2857,8 +3030,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2876,6 +3074,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -3400,11 +3600,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -3450,6 +3651,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -3638,6 +3841,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml index d523dc6da..7255c08e0 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml @@ -114,11 +114,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -164,6 +165,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -437,6 +440,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -505,6 +518,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -571,6 +594,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -639,6 +672,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -854,6 +897,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -904,6 +955,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1100,6 +1159,18 @@ spec: type: "object" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1446,6 +1517,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1496,6 +1575,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1692,8 +1779,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1711,6 +1823,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2041,6 +2155,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2091,6 +2213,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2287,8 +2417,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2306,6 +2461,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2642,6 +2799,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2692,6 +2857,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2888,8 +3061,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2907,6 +3105,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -3431,11 +3631,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -3481,6 +3682,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -3669,6 +3872,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml index 0bea63761..8ff0f9da4 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml @@ -205,6 +205,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -273,6 +283,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -339,6 +359,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -407,6 +437,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -740,6 +780,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -790,6 +838,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -986,8 +1042,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1005,6 +1086,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -1451,11 +1534,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -1501,6 +1585,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -1689,6 +1775,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -2068,6 +2191,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2118,6 +2249,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2314,8 +2453,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2333,6 +2497,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2559,6 +2725,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2609,6 +2783,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2875,6 +3057,18 @@ spec: type: "integer" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3013,11 +3207,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -3063,6 +3258,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -3234,6 +3431,8 @@ spec: type: "string" ip: type: "string" + ipMode: + type: "string" ports: items: properties: @@ -3435,6 +3634,8 @@ spec: type: "string" ip: type: "string" + ipMode: + type: "string" ports: items: properties: @@ -3609,6 +3810,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3677,6 +3888,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3743,6 +3964,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3811,6 +4042,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -4144,6 +4385,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -4194,6 +4443,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -4390,8 +4647,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -4409,6 +4691,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -4855,11 +5139,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -4905,6 +5190,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -5093,6 +5380,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -5472,6 +5796,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -5522,6 +5854,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -5718,8 +6058,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -5737,6 +6102,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -5963,6 +6330,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -6013,6 +6388,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -6279,6 +6662,18 @@ spec: type: "integer" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml index 7eef2d54e..b964e53ff 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml @@ -241,6 +241,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -309,6 +319,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -375,6 +395,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -443,6 +473,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -780,6 +820,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -830,6 +878,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -1026,8 +1082,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -1045,6 +1126,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -1491,11 +1574,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -1541,6 +1625,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -1729,6 +1815,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -2108,6 +2231,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2158,6 +2289,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2354,8 +2493,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -2373,6 +2537,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -2599,6 +2765,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2649,6 +2823,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -2936,6 +3118,18 @@ spec: type: "integer" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -3090,11 +3284,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -3140,6 +3335,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -3537,6 +3734,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3605,6 +3812,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3671,6 +3888,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -3739,6 +3966,16 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + matchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" namespaceSelector: properties: matchExpressions: @@ -4076,6 +4313,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -4126,6 +4371,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -4322,8 +4575,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -4341,6 +4619,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -4787,11 +5067,12 @@ spec: type: "string" name: type: "string" + namespace: + type: "string" required: - "kind" - "name" type: "object" - x-kubernetes-map-type: "atomic" resources: properties: limits: @@ -4837,6 +5118,8 @@ spec: x-kubernetes-map-type: "atomic" storageClassName: type: "string" + volumeAttributesClassName: + type: "string" volumeMode: type: "string" volumeName: @@ -5025,6 +5308,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: "string" + operator: + type: "string" + values: + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + name: + type: "string" + optional: + type: "boolean" + path: + type: "string" + signerName: + type: "string" + required: + - "path" + type: "object" configMap: properties: items: @@ -5404,6 +5724,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -5454,6 +5782,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -5650,8 +5986,33 @@ spec: format: "int32" type: "integer" type: "object" + resizePolicy: + items: + properties: + resourceName: + type: "string" + restartPolicy: + type: "string" + required: + - "resourceName" + - "restartPolicy" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: @@ -5669,6 +6030,8 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "object" + restartPolicy: + type: "string" securityContext: properties: allowPrivilegeEscalation: @@ -5895,6 +6258,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -5945,6 +6316,14 @@ spec: required: - "port" type: "object" + sleep: + properties: + seconds: + format: "int64" + type: "integer" + required: + - "seconds" + type: "object" tcpSocket: properties: host: @@ -6232,6 +6611,18 @@ spec: type: "integer" resources: properties: + claims: + items: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" limits: additionalProperties: anyOf: diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index 42ebe2012..05e6c493c 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml @@ -1030,6 +1030,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" types: items: type: "string" @@ -4939,6 +4941,177 @@ spec: - "name" type: "object" type: "array" + kubernetesResource: + items: + properties: + checkRetries: + description: "Set initial delays and retry intervals for checks." + properties: + delay: + description: "Delay is the initial delay" + type: "string" + interval: + type: "string" + maxRetries: + type: "integer" + timeout: + type: "string" + type: "object" + checks: + description: "Checks to run against the kubernetes resources." + items: + description: "KubernetesResourceChecks is the canary spec.\nNOTE: It's only created to make crd generation possible.\nembedding CanarySpec into KubernetesResourceCheck.checks\ndirectly generates an invalid crd." + type: "object" + type: "array" + x-kubernetes-preserve-unknown-fields: true + description: + description: "Description for the check" + type: "string" + display: + properties: + expr: + type: "string" + javascript: + type: "string" + jsonPath: + type: "string" + template: + type: "string" + type: "object" + icon: + description: "Icon for overwriting default icon on the dashboard" + type: "string" + kubeconfig: + description: "Kubeconfig is the kubeconfig or the path to the kubeconfig file." + properties: + name: + type: "string" + value: + type: "string" + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + helmRef: + properties: + key: + description: "Key is a JSONPath expression used to fetch the key from the merged JSON." + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + secretKeyRef: + properties: + key: + type: "string" + name: + type: "string" + required: + - "key" + type: "object" + serviceAccount: + description: "ServiceAccount specifies the service account whose token should be fetched" + type: "string" + type: "object" + type: "object" + labels: + additionalProperties: + type: "string" + description: "Labels for the check" + type: "object" + metrics: + description: "Metrics to expose from check results" + items: + properties: + labels: + items: + properties: + name: + type: "string" + value: + type: "string" + valueExpr: + type: "string" + required: + - "name" + type: "object" + type: "array" + name: + type: "string" + type: + type: "string" + value: + type: "string" + type: "object" + type: "array" + name: + description: "Name of the check" + type: "string" + namespace: + description: "Namespace to insert the check into, if different to the namespace the canary is defined, e.g." + type: "string" + resources: + description: "Resources are kubernetes resources that are created & cleared\nafter every check run." + x-kubernetes-preserve-unknown-fields: true + staticResources: + description: "StaticResources are kubernetes resources that are created & only\ncleared when the canary is deleted" + x-kubernetes-preserve-unknown-fields: true + test: + properties: + expr: + type: "string" + javascript: + type: "string" + jsonPath: + type: "string" + template: + type: "string" + type: "object" + transform: + properties: + expr: + type: "string" + javascript: + type: "string" + jsonPath: + type: "string" + template: + type: "string" + type: "object" + transformDeleteStrategy: + description: "Transformed checks have a delete strategy on deletion they can either be marked healthy, unhealthy or left as is" + type: "string" + waitFor: + properties: + disable: + description: "Disable waiting for resources to get to their desired state." + type: "boolean" + expr: + description: "Expr is a cel expression that determines whether all the resources\nare in their desired state before running checks on them.\n\tDefault: `dyn(resources).all(r, k8s.isHealthy(r))`" + type: "string" + interval: + description: "Interval to check if all static & non-static resources are ready.\n\tDefault: 30s" + type: "string" + maxRetries: + type: "integer" + timeout: + description: "Timeout to wait for all static & non-static resources to be ready.\n\tDefault: 10m" + type: "string" + type: "object" + required: + - "name" + - "resources" + type: "object" + type: "array" ldap: items: properties: diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml index 184e01e30..bce361a86 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml @@ -68,6 +68,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" @@ -181,6 +183,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" @@ -314,6 +318,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" types: items: type: "string" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml index 278ad398a..35711d910 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml @@ -59,6 +59,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" types: items: type: "string" @@ -103,6 +105,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" @@ -216,6 +220,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" @@ -349,6 +355,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" types: items: type: "string" @@ -420,6 +428,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" @@ -488,6 +498,8 @@ spec: items: type: "string" type: "array" + tagSelector: + type: "string" tags: additionalProperties: type: "string" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml index 19def0b19..995e150f6 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml @@ -211,6 +211,9 @@ spec: call: description: "Lua function name that will be triggered to do filtering. It's assumed that the function is declared inside the Script defined above." type: "string" + code: + description: "Inline LUA code instead of loading from a path via script." + type: "string" protectedMode: description: "If enabled, Lua script will be executed in protected mode. It prevents to crash when invalid Lua script is executed. Default is true." type: "boolean" @@ -244,6 +247,7 @@ spec: type: "array" required: - "call" + - "code" - "script" type: "object" modify: @@ -360,9 +364,34 @@ spec: alias: description: "Alias for the plugin" type: "string" + buffer: + default: false + type: "boolean" + emitterMemBufLimit: + default: 10 + description: "Set a limit on the amount of memory in MB the emitter can consume if the outputs provide backpressure. The default for this limit is 10M. The pipeline will pause once the buffer exceeds the value of this setting. For example, if the value is set to 10MB then the pipeline will pause if the buffer exceeds 10M. The pipeline will remain paused until the output drains the buffer below the 10M limit." + type: "integer" + emitterName: + description: "Name for the emitter input instance which re-emits the completed records at the beginning of the pipeline." + type: "string" + emitterType: + default: "memory" + description: "The storage type for the emitter input instance. This option supports the values memory (default) and filesystem." + enum: + - "memory" + - "filesystem" + type: "string" + flushMs: + default: 2000 + type: "integer" keyContent: description: "Key name that holds the content to process. Note that a Multiline Parser definition can already specify the key_content to use, but this option allows to overwrite that value for the purpose of the filter." type: "string" + mode: + enum: + - "parser" + - "partial_message" + type: "string" parser: description: "Specify one or multiple Multiline Parsing definitions to apply to the content. You can specify multiple multiline parsers to detect different formats by separating them with a comma." type: "string" @@ -475,9 +504,13 @@ spec: alias: description: "Alias for the plugin" type: "string" + emitterMemBufLimit: + type: "string" emitterName: description: "When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job. Since this emitter expose metrics as any other component of the pipeline, you can use this property to configure an optional name for it." type: "string" + emitterStorageType: + type: "string" retryLimit: description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml index af9d33d33..e75f41a0b 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml @@ -93,6 +93,37 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + multilineParserSelector: + description: "Select multiline parser plugins" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" namespace: description: "If namespace is defined, then the configmap and secret for fluent-bit is in this namespace. If it is not defined, it is in the namespace of the fluentd-operator" type: "string" @@ -164,6 +195,13 @@ spec: daemon: description: "If true go to background on start" type: "boolean" + emitterMemBufLimit: + type: "string" + emitterName: + description: "Per-namespace re-emitter configuration" + type: "string" + emitterStorageType: + type: "string" flushSeconds: description: "Interval to flush output" format: "int64" @@ -219,6 +257,11 @@ spec: parsersFile: description: "Optional 'parsers' config file (can be multiple)" type: "string" + parsersFiles: + description: "backward compatible" + items: + type: "string" + type: "array" storage: description: "Configure a global environment for the storage layer in Service. It is recommended to configure the volume and volumeMount separately for this storage. The hostPath type should be used for that Volume in Fluentbit daemon set." properties: diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml index 6f8e50489..e10522bd6 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml @@ -211,6 +211,9 @@ spec: call: description: "Lua function name that will be triggered to do filtering. It's assumed that the function is declared inside the Script defined above." type: "string" + code: + description: "Inline LUA code instead of loading from a path via script." + type: "string" protectedMode: description: "If enabled, Lua script will be executed in protected mode. It prevents to crash when invalid Lua script is executed. Default is true." type: "boolean" @@ -244,6 +247,7 @@ spec: type: "array" required: - "call" + - "code" - "script" type: "object" modify: @@ -360,9 +364,34 @@ spec: alias: description: "Alias for the plugin" type: "string" + buffer: + default: false + type: "boolean" + emitterMemBufLimit: + default: 10 + description: "Set a limit on the amount of memory in MB the emitter can consume if the outputs provide backpressure. The default for this limit is 10M. The pipeline will pause once the buffer exceeds the value of this setting. For example, if the value is set to 10MB then the pipeline will pause if the buffer exceeds 10M. The pipeline will remain paused until the output drains the buffer below the 10M limit." + type: "integer" + emitterName: + description: "Name for the emitter input instance which re-emits the completed records at the beginning of the pipeline." + type: "string" + emitterType: + default: "memory" + description: "The storage type for the emitter input instance. This option supports the values memory (default) and filesystem." + enum: + - "memory" + - "filesystem" + type: "string" + flushMs: + default: 2000 + type: "integer" keyContent: description: "Key name that holds the content to process. Note that a Multiline Parser definition can already specify the key_content to use, but this option allows to overwrite that value for the purpose of the filter." type: "string" + mode: + enum: + - "parser" + - "partial_message" + type: "string" parser: description: "Specify one or multiple Multiline Parsing definitions to apply to the content. You can specify multiple multiline parsers to detect different formats by separating them with a comma." type: "string" @@ -475,9 +504,13 @@ spec: alias: description: "Alias for the plugin" type: "string" + emitterMemBufLimit: + type: "string" emitterName: description: "When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job. Since this emitter expose metrics as any other component of the pipeline, you can use this property to configure an optional name for it." type: "string" + emitterStorageType: + type: "string" retryLimit: description: "RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1." pattern: "^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml index 906d580d9..e23d40a7c 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml @@ -31,6 +31,37 @@ spec: spec: description: "NamespacedFluentBitCfgSpec defines the desired state of FluentBit" properties: + clusterMultilineParserSelector: + description: "Select cluster level multiline parser config" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" clusterParserSelector: description: "Select cluster level parser config" properties: @@ -93,6 +124,37 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + multilineParserSelector: + description: "Select multiline parser plugins" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" outputSelector: description: "Select output plugins" properties: @@ -155,6 +217,118 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + service: + description: "Service defines the global behaviour of the Fluent Bit engine." + properties: + daemon: + description: "If true go to background on start" + type: "boolean" + emitterMemBufLimit: + type: "string" + emitterName: + description: "Per-namespace re-emitter configuration" + type: "string" + emitterStorageType: + type: "string" + flushSeconds: + description: "Interval to flush output" + format: "int64" + type: "integer" + graceSeconds: + description: "Wait time on exit" + format: "int64" + type: "integer" + hcErrorsCount: + description: "the error count to meet the unhealthy requirement, this is a sum for all output plugins in a defined HC_Period, example for output error: [2022/02/16 10:44:10] [ warn] [engine] failed to flush chunk '1-1645008245.491540684.flb', retry in 7 seconds: task_id=0, input=forward.1 > output=cloudwatch_logs.3 (out_id=3)" + format: "int64" + minimum: 1.0 + type: "integer" + hcPeriod: + description: "The time period by second to count the error and retry failure data point" + format: "int64" + minimum: 1.0 + type: "integer" + hcRetryFailureCount: + description: "the retry failure count to meet the unhealthy requirement, this is a sum for all output plugins in a defined HC_Period, example for retry failure: [2022/02/16 20:11:36] [ warn] [engine] chunk '1-1645042288.260516436.flb' cannot be retried: task_id=0, input=tcp.3 > output=cloudwatch_logs.1" + format: "int64" + minimum: 1.0 + type: "integer" + healthCheck: + description: "enable Health check feature at http://127.0.0.1:2020/api/v1/health Note: Enabling this will not automatically configure kubernetes to use fluentbit's healthcheck endpoint" + type: "boolean" + httpListen: + description: "Address to listen" + pattern: "^\\d{1,3}.\\d{1,3}.\\d{1,3}.\\d{1,3}$" + type: "string" + httpPort: + description: "Port to listen" + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + httpServer: + description: "If true enable statistics HTTP server" + type: "boolean" + logFile: + description: "File to log diagnostic output" + type: "string" + logLevel: + description: "Diagnostic level (error/warning/info/debug/trace)" + enum: + - "off" + - "error" + - "warning" + - "info" + - "debug" + - "trace" + type: "string" + parsersFile: + description: "Optional 'parsers' config file (can be multiple)" + type: "string" + parsersFiles: + description: "backward compatible" + items: + type: "string" + type: "array" + storage: + description: "Configure a global environment for the storage layer in Service. It is recommended to configure the volume and volumeMount separately for this storage. The hostPath type should be used for that Volume in Fluentbit daemon set." + properties: + backlogMemLimit: + description: "This option configure a hint of maximum value of memory to use when processing these records" + type: "string" + checksum: + description: "Enable the data integrity check when writing and reading data from the filesystem" + enum: + - "on" + - "off" + type: "string" + deleteIrrecoverableChunks: + description: "When enabled, irrecoverable chunks will be deleted during runtime, and any other irrecoverable chunk located in the configured storage path directory will be deleted when Fluent-Bit starts." + enum: + - "on" + - "off" + type: "string" + maxChunksUp: + description: "If the input plugin has enabled filesystem storage type, this property sets the maximum number of Chunks that can be up in memory" + format: "int64" + type: "integer" + metrics: + description: "If http_server option has been enabled in the Service section, this option registers a new endpoint where internal metrics of the storage layer can be consumed" + enum: + - "on" + - "off" + type: "string" + path: + description: "Select an optional location in the file system to store streams and chunks of data/" + type: "string" + sync: + description: "Configure the synchronization mode used to store the data into the file system" + enum: + - "normal" + - "full" + type: "string" + type: "object" + type: "object" type: "object" type: "object" served: true diff --git a/crd-catalog/fluxcd/kustomize-controller/kustomize.toolkit.fluxcd.io/v1/kustomizations.yaml b/crd-catalog/fluxcd/kustomize-controller/kustomize.toolkit.fluxcd.io/v1/kustomizations.yaml index 306101abc..28a5f6ba7 100644 --- a/crd-catalog/fluxcd/kustomize-controller/kustomize.toolkit.fluxcd.io/v1/kustomizations.yaml +++ b/crd-catalog/fluxcd/kustomize-controller/kustomize.toolkit.fluxcd.io/v1/kustomizations.yaml @@ -164,6 +164,16 @@ spec: required: - "secretRef" type: "object" + namePrefix: + description: "NamePrefix will prefix the names of all managed resources." + maxLength: 200 + minLength: 1 + type: "string" + nameSuffix: + description: "NameSuffix will suffix the names of all managed resources." + maxLength: 200 + minLength: 1 + type: "string" patches: description: "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors." items: diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml index e92b55fa3..6b90a4849 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml @@ -283,6 +283,30 @@ spec: x-kubernetes-preserve-unknown-fields: true description: "SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion." type: "object" + tpm: + description: "TPM allows the configuration of options specific to the \"tpm\" join method." + nullable: true + properties: + allow: + description: "Allow is a list of Rules, the presented delegated identity must match one allow rule to permit joining." + items: + properties: + description: + type: "string" + ekcert_serial: + type: "string" + ekpub_hash: + type: "string" + type: "object" + nullable: true + type: "array" + ekcert_allowed_cas: + description: "EKCertAllowedCAs is a list of CA certificates that will be used to validate TPM EKCerts. When specified, joining TPMs must present an EKCert signed by one of the specified CAs. TPMs that do not present an EKCert will be not permitted to join. When unspecified, TPMs will be allowed to join with either an EKCert or an EKPubHash." + items: + type: "string" + nullable: true + type: "array" + type: "object" type: "object" status: description: "Status defines the observed state of the Teleport resource" diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml index ac297e85f..5001367e7 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.11.3" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "agentpools.app.terraform.io" spec: group: "app.terraform.io" @@ -19,10 +19,10 @@ spec: description: "AgentPool is the Schema for the agentpools API." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -39,7 +39,7 @@ spec: description: "PodSpec is a description of a pod." properties: activeDeadlineSeconds: - description: "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer." + description: "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer." format: "int64" type: "integer" affinity: @@ -49,9 +49,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -59,16 +59,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -80,16 +80,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -110,26 +110,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -141,16 +141,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -171,7 +171,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -179,21 +179,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -205,38 +205,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -248,23 +248,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -273,26 +273,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -304,38 +304,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -347,17 +347,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -368,7 +368,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -376,21 +376,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -402,38 +402,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -445,23 +445,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -470,26 +470,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -501,38 +501,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -544,17 +544,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -566,22 +566,22 @@ spec: description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted." type: "boolean" containers: - description: "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated." + description: "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated." items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -589,7 +589,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -601,7 +601,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -611,7 +611,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -624,7 +624,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -650,7 +650,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -665,7 +665,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -673,7 +673,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -687,7 +687,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -697,22 +697,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -721,7 +721,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -729,7 +729,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -746,10 +746,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -765,7 +765,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -774,20 +774,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -796,7 +796,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -804,7 +804,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -821,10 +821,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -840,7 +840,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -849,7 +849,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -857,19 +857,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -880,7 +880,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -889,7 +889,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -897,7 +897,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -914,24 +914,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -944,45 +944,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -993,19 +993,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1016,7 +1016,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1025,7 +1025,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1033,7 +1033,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1050,24 +1050,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1080,17 +1080,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1100,10 +1100,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1112,15 +1112,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1136,7 +1136,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1145,20 +1145,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1174,27 +1174,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1210,48 +1210,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1262,7 +1262,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1271,7 +1271,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1279,7 +1279,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1296,24 +1296,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1326,34 +1326,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -1372,27 +1372,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1400,22 +1400,22 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" dnsConfig: - description: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + description: "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy." properties: nameservers: - description: "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed." + description: "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed." items: type: "string" type: "array" options: - description: "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy." + description: "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy." items: description: "PodDNSConfigOption defines DNS resolver options of a pod." properties: @@ -1427,34 +1427,34 @@ spec: type: "object" type: "array" searches: - description: "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed." + description: "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed." items: type: "string" type: "array" type: "object" dnsPolicy: - description: "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'." + description: "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'." type: "string" enableServiceLinks: - description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true." + description: "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true." type: "boolean" ephemeralContainers: - description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." + description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation. \n To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: - description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -1462,7 +1462,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1474,7 +1474,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1484,7 +1484,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1497,7 +1497,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1523,7 +1523,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1538,7 +1538,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -1546,7 +1546,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1560,7 +1560,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1570,22 +1570,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images" + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: description: "Lifecycle is not allowed for ephemeral containers." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1594,7 +1594,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1602,7 +1602,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1619,10 +1619,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1638,7 +1638,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1647,20 +1647,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1669,7 +1669,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1677,7 +1677,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1694,10 +1694,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1713,7 +1713,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1722,7 +1722,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1736,13 +1736,13 @@ spec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1753,7 +1753,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1762,7 +1762,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1770,7 +1770,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1787,24 +1787,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1817,22 +1817,22 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers." + description: "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers." type: "string" ports: description: "Ports are not allowed for ephemeral containers." @@ -1840,22 +1840,22 @@ spec: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1872,13 +1872,13 @@ spec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1889,7 +1889,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1898,7 +1898,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1906,7 +1906,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1923,24 +1923,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1953,17 +1953,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1973,10 +1973,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1985,15 +1985,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod." + description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2009,7 +2009,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2018,20 +2018,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers." + description: "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers." type: "string" securityContext: - description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." + description: "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2047,27 +2047,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2083,31 +2083,31 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" @@ -2118,13 +2118,13 @@ spec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2135,7 +2135,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2144,7 +2144,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2152,7 +2152,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2169,24 +2169,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2199,37 +2199,37 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. \n The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -2248,27 +2248,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -2276,16 +2276,16 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" hostAliases: - description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods." + description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified. This is only valid for non-hostNetwork pods." items: - description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file." + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." properties: hostnames: description: "Hostnames for the above IP address." @@ -2298,48 +2298,48 @@ spec: type: "object" type: "array" hostIPC: - description: "Use the host's ipc namespace. Optional: Default to false." + description: "Use the host's ipc namespace.\nOptional: Default to false." type: "boolean" hostNetwork: - description: "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false." + description: "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false." type: "boolean" hostPID: - description: "Use the host's pid namespace. Optional: Default to false." + description: "Use the host's pid namespace.\nOptional: Default to false." type: "boolean" hostUsers: - description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." + description: "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature." type: "boolean" hostname: - description: "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value." + description: "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value." type: "string" imagePullSecrets: - description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" + description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: - description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" + description: "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nof that value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -2347,7 +2347,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -2359,7 +2359,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2369,7 +2369,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2382,7 +2382,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2408,7 +2408,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2423,7 +2423,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -2431,7 +2431,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2445,7 +2445,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2455,22 +2455,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2479,7 +2479,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2487,7 +2487,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2504,10 +2504,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2523,7 +2523,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2532,20 +2532,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2554,7 +2554,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2562,7 +2562,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2579,10 +2579,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2598,7 +2598,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2607,7 +2607,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -2615,19 +2615,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2638,7 +2638,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2647,7 +2647,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2655,7 +2655,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2672,24 +2672,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2702,45 +2702,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -2751,19 +2751,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2774,7 +2774,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2783,7 +2783,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2791,7 +2791,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2808,24 +2808,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2838,17 +2838,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -2858,10 +2858,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -2870,15 +2870,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2894,7 +2894,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2903,20 +2903,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2932,27 +2932,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2968,48 +2968,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -3020,7 +3020,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3029,7 +3029,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -3037,7 +3037,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -3054,24 +3054,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -3084,34 +3084,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -3130,27 +3130,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -3158,26 +3158,26 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements." + description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." type: "string" nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. \n If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions \n If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: - description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null" + description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" type: "string" required: - "name" @@ -3189,20 +3189,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" + description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md" type: "object" preemptionPolicy: - description: "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset." + description: "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset." type: "string" priority: - description: "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority." + description: "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority." format: "int32" type: "integer" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default." + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" readinessGates: - description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" + description: "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates" items: description: "PodReadinessGate contains the reference to a pod condition" properties: @@ -3214,21 +3214,21 @@ spec: type: "object" type: "array" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: - description: "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL." + description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" source: description: "Source describes where to find the ResourceClaim." properties: resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod." + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." type: "string" resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim." + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." type: "string" type: "object" required: @@ -3239,21 +3239,21 @@ spec: - "name" x-kubernetes-list-type: "map" restartPolicy: - description: "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy" + description: "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy" type: "string" runtimeClassName: - description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" + description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class" type: "string" schedulerName: - description: "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler." + description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.\n\n\nThis is a beta feature enabled by the PodSchedulingReadiness feature gate." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: name: - description: "Name of the scheduling gate. Each scheduling gate must have a unique name field." + description: "Name of the scheduling gate.\nEach scheduling gate must have a unique name field." type: "string" required: - "name" @@ -3263,28 +3263,28 @@ spec: - "name" x-kubernetes-list-type: "map" securityContext: - description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." + description: "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field." properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -3300,25 +3300,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -3334,85 +3334,85 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" serviceAccount: - description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead." + description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead." type: "string" serviceAccountName: - description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" + description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" type: "string" setHostnameAsFQDN: - description: "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false." + description: "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false." type: "boolean" shareProcessNamespace: - description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false." + description: "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false." type: "boolean" subdomain: - description: "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all." + description: "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all." type: "string" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds." + description: "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds." format: "int64" type: "integer" tolerations: description: "If specified, the pod's tolerations." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" topologySpreadConstraints: - description: "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed." + description: "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed." items: description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: labelSelector: - description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3424,35 +3424,35 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." type: "string" whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." type: "string" required: - "maxSkew" @@ -3465,25 +3465,25 @@ spec: - "whenUnsatisfiable" x-kubernetes-list-type: "map" volumes: - description: "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" + description: "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes" items: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" @@ -3501,13 +3501,13 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" @@ -3517,7 +3517,7 @@ spec: description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "secretName is the name of secret that contains Azure Storage Account Name and Key" @@ -3533,7 +3533,7 @@ spec: description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" @@ -3541,44 +3541,44 @@ spec: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeID: - description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" @@ -3587,11 +3587,11 @@ spec: description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -3599,11 +3599,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -3611,7 +3611,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3622,26 +3622,26 @@ spec: description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" readOnly: - description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." type: "object" required: - "driver" @@ -3650,7 +3650,7 @@ spec: description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: @@ -3672,14 +3672,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -3704,41 +3704,41 @@ spec: type: "array" type: "object" emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3752,10 +3752,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3764,14 +3764,14 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -3780,7 +3780,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3789,7 +3789,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -3798,16 +3798,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3819,18 +3819,18 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -3844,14 +3844,14 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "targetWWNs is Optional: FC target worldwide names (WWNs)" @@ -3859,19 +3859,19 @@ spec: type: "string" type: "array" wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: driver: description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: @@ -3879,13 +3879,13 @@ spec: description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3896,36 +3896,36 @@ spec: description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" type: "string" datasetUUID: description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." properties: directory: - description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" repository: description: "repository is the URL" @@ -3937,35 +3937,35 @@ spec: - "repository" type: "object" glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: path: - description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" @@ -3974,39 +3974,39 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." type: "string" iqn: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" secretRef: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -4014,32 +4014,32 @@ spec: - "targetPortal" type: "object" name: - description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." type: "boolean" required: - "claimName" @@ -4048,7 +4048,7 @@ spec: description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: description: "pdID is the ID that identifies Photon Controller persistent disk" @@ -4060,10 +4060,10 @@ spec: description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "volumeID uniquely identifies a Portworx volume" @@ -4075,7 +4075,7 @@ spec: description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: @@ -4084,24 +4084,24 @@ spec: description: "Projection that may be projected along with other supported volume types" properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: - description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -4113,21 +4113,21 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" name: - description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector." type: "string" optional: - description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles." type: "boolean" path: description: "Relative path from the volume root to write the bundle." type: "string" signerName: - description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + description: "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated." type: "string" required: - "path" @@ -4136,7 +4136,7 @@ spec: description: "configMap information about the configMap data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4144,11 +4144,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4156,7 +4156,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4185,14 +4185,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -4220,7 +4220,7 @@ spec: description: "secret information about the secret data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4228,11 +4228,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4240,7 +4240,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4251,14 +4251,14 @@ spec: description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" type: "integer" path: - description: "path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "path" @@ -4270,19 +4270,19 @@ spec: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "group to map volume access to Default is no group" + description: "group to map volume access to\nDefault is no group" type: "string" readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" registry: - description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" tenant: - description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "user to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" volume: description: "volume is a string that references an already created Quobyte volume by name." @@ -4292,38 +4292,38 @@ spec: - "volume" type: "object" rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" @@ -4333,7 +4333,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: description: "gateway is the host address of the ScaleIO API Gateway." @@ -4342,13 +4342,13 @@ spec: description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4356,7 +4356,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." @@ -4365,7 +4365,7 @@ spec: description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - "gateway" @@ -4373,14 +4373,14 @@ spec: - "system" type: "object" secret: - description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4388,11 +4388,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4403,38 +4403,38 @@ spec: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." @@ -4459,7 +4459,7 @@ spec: agentTokens: description: "List of the agent tokens to generate." items: - description: "Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool. In `spec` only the field `Name` is allowed, the rest are used in `status`. More infromation: - https://developer.hashicorp.com/terraform/cloud-docs/agents" + description: "Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool.\nIn `spec` only the field `Name` is allowed, the rest are used in `status`.\nMore infromation:\n - https://developer.hashicorp.com/terraform/cloud-docs/agents" properties: createdAt: description: "Timestamp of when the agent token was created." @@ -4499,7 +4499,7 @@ spec: format: "int32" type: "integer" targetWorkspaces: - description: "TargetWorkspaces is a list of Terraform Cloud Workspaces which the agent pool should scale up to meet demand. When this field is ommited the autoscaler will target all workspaces that are associated with the AgentPool." + description: "TargetWorkspaces is a list of Terraform Cloud Workspaces which\nthe agent pool should scale up to meet demand. When this field\nis ommited the autoscaler will target all workspaces that are\nassociated with the AgentPool." items: description: "TargetWorkspace is the name or ID of the workspace you want autoscale against." properties: @@ -4521,11 +4521,11 @@ spec: - "minReplicas" type: "object" name: - description: "Agent Pool name. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools" + description: "Agent Pool name.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools" minLength: 1 type: "string" organization: - description: "Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" + description: "Organization name where the Workspace will be created.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" minLength: 1 type: "string" token: @@ -4538,7 +4538,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4567,7 +4567,7 @@ spec: agentTokens: description: "List of the agent tokens generated by the controller." items: - description: "Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool. In `spec` only the field `Name` is allowed, the rest are used in `status`. More infromation: - https://developer.hashicorp.com/terraform/cloud-docs/agents" + description: "Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool.\nIn `spec` only the field `Name` is allowed, the rest are used in `status`.\nMore infromation:\n - https://developer.hashicorp.com/terraform/cloud-docs/agents" properties: createdAt: description: "Timestamp of when the agent token was created." diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml index 37bcc76cb..3006bc2e3 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.11.3" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "modules.app.terraform.io" spec: group: "app.terraform.io" @@ -23,13 +23,13 @@ spec: name: "v1alpha2" schema: openAPIV3Schema: - description: "Module is the Schema for the modules API Module implements the API-driven Run Workflow More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api" + description: "Module is the Schema for the modules API\nModule implements the API-driven Run Workflow\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/run/api" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -38,13 +38,13 @@ spec: properties: destroyOnDeletion: default: false - description: "Specify whether or not to execute a Destroy run when the object is deleted from the Kubernetes. Default: `false`." + description: "Specify whether or not to execute a Destroy run when the object is deleted from the Kubernetes.\nDefault: `false`." type: "boolean" module: description: "Module source and version to execute." properties: source: - description: "Non local Terraform module source. More information: - https://developer.hashicorp.com/terraform/language/modules/sources" + description: "Non local Terraform module source.\nMore information:\n - https://developer.hashicorp.com/terraform/language/modules/sources" minLength: 1 type: "string" version: @@ -56,11 +56,11 @@ spec: type: "object" name: default: "this" - description: "Name of the module that will be uploaded and executed. Default: `this`." + description: "Name of the module that will be uploaded and executed.\nDefault: `this`." minLength: 1 type: "string" organization: - description: "Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" + description: "Organization name where the Workspace will be created.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" minLength: 1 type: "string" outputs: @@ -74,7 +74,7 @@ spec: type: "string" sensitive: default: false - description: "Specify whether or not the output is sensitive. Default: `false`." + description: "Specify whether or not the output is sensitive.\nDefault: `false`." type: "boolean" required: - "name" @@ -82,7 +82,7 @@ spec: minItems: 1 type: "array" restartedAt: - description: "Allows executing a new Run without changing any Workspace or Module attributes. Example: kubectl patch --type=merge --patch '{\"spec\": {\"restartedAt\": \"'\\`date -u -Iseconds\\`'\"}}'" + description: "Allows executing a new Run without changing any Workspace or Module attributes.\nExample: kubectl patch --type=merge --patch '{\"spec\": {\"restartedAt\": \"'\\`date -u -Iseconds\\`'\"}}'" minLength: 1 type: "string" token: @@ -95,7 +95,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -125,7 +125,7 @@ spec: description: "Workspace to execute the module." properties: id: - description: "Module Workspace ID. Must match pattern: `^ws-[a-zA-Z0-9]+$`" + description: "Module Workspace ID.\nMust match pattern: `^ws-[a-zA-Z0-9]+$`" pattern: "^ws-[a-zA-Z0-9]+$" type: "string" name: @@ -143,7 +143,7 @@ spec: description: "ModuleStatus defines the observed state of Module." properties: configurationVersion: - description: "A configuration version is a resource used to reference the uploaded configuration files. More information: - https://developer.hashicorp.com/terraform/cloud-docs/api-docs/configuration-versions - https://developer.hashicorp.com/terraform/cloud-docs/run/api" + description: "A configuration version is a resource used to reference the uploaded configuration files.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/api-docs/configuration-versions\n - https://developer.hashicorp.com/terraform/cloud-docs/run/api" properties: id: description: "Configuration Version ID." @@ -172,7 +172,7 @@ spec: - "runID" type: "object" run: - description: "Workspace Runs status. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/states" + description: "Workspace Runs status.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/run/states" properties: configurationVersion: description: "The configuration version of this run." diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml index b3f19b731..6698d3e5d 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.11.3" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "workspaces.app.terraform.io" spec: group: "app.terraform.io" @@ -23,10 +23,10 @@ spec: description: "Workspace is the Schema for the workspaces API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -34,10 +34,10 @@ spec: description: "WorkspaceSpec defines the desired state of Workspace." properties: agentPool: - description: "Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents" + description: "Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/agents" properties: id: - description: "Agent Pool ID. Must match pattern: `^apool-[a-zA-Z0-9]+$`" + description: "Agent Pool ID.\nMust match pattern: `^apool-[a-zA-Z0-9]+$`" pattern: "^apool-[a-zA-Z0-9]+$" type: "string" name: @@ -47,11 +47,11 @@ spec: type: "object" allowDestroyPlan: default: true - description: "Allows a destroy plan to be created and applied. Default: `true`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion" + description: "Allows a destroy plan to be created and applied.\nDefault: `true`.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion" type: "boolean" applyMethod: default: "manual" - description: "Define either change will be applied automatically(auto) or require an operator to confirm(manual). Must be one of the following values: `auto`, `manual`. Default: `manual`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply" + description: "Define either change will be applied automatically(auto) or require an operator to confirm(manual).\nMust be one of the following values: `auto`, `manual`.\nDefault: `manual`.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply" pattern: "^(auto|manual)$" type: "string" description: @@ -59,9 +59,9 @@ spec: minLength: 1 type: "string" environmentVariables: - description: "Terraform Environment variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#environment-variables" + description: "Terraform Environment variables for all plans and applies in this workspace.\nVariables defined within a workspace always overwrite variables from variable sets that have the same type and the same key.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#environment-variables" items: - description: "Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables" + description: "Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables" properties: description: description: "Description of the variable." @@ -69,7 +69,7 @@ spec: type: "string" hcl: default: false - description: "Parse this field as HashiCorp Configuration Language (HCL). This allows you to interpolate values at runtime. Default: `false`." + description: "Parse this field as HashiCorp Configuration Language (HCL). This allows you to interpolate values at runtime.\nDefault: `false`." type: "boolean" name: description: "Name of the variable." @@ -77,7 +77,7 @@ spec: type: "string" sensitive: default: false - description: "Sensitive variables are never shown in the UI or API. They may appear in Terraform logs if your configuration is designed to output them. Default: `false`." + description: "Sensitive variables are never shown in the UI or API.\nThey may appear in Terraform logs if your configuration is designed to output them.\nDefault: `false`." type: "boolean" value: description: "Value of the variable." @@ -93,7 +93,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -109,7 +109,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -126,7 +126,7 @@ spec: type: "array" executionMode: default: "remote" - description: "Define where the Terraform code will be executed. Must be one of the following values: `agent`, `local`, `remote`. Default: `remote`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode" + description: "Define where the Terraform code will be executed.\nMust be one of the following values: `agent`, `local`, `remote`.\nDefault: `remote`.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode" pattern: "^(agent|local|remote)$" type: "string" name: @@ -134,12 +134,12 @@ spec: minLength: 1 type: "string" notifications: - description: "Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications" + description: "Notifications allow you to send messages to other applications based on run and workspace events.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications" items: - description: "Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications" + description: "Notifications allow you to send messages to other applications based on run and workspace events.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications" properties: emailAddresses: - description: "The list of email addresses that will receive notification emails. It is only available for Terraform Enterprise users. It is not available in Terraform Cloud." + description: "The list of email addresses that will receive notification emails.\nIt is only available for Terraform Enterprise users. It is not available in Terraform Cloud." items: type: "string" minItems: 1 @@ -152,7 +152,7 @@ spec: type: "array" enabled: default: true - description: "Whether the notification configuration should be enabled or not. Default: `true`." + description: "Whether the notification configuration should be enabled or not.\nDefault: `true`." type: "boolean" name: description: "Notification name." @@ -163,9 +163,9 @@ spec: minLength: 1 type: "string" triggers: - description: "The list of run events that will trigger notifications. Trigger represents the different TFC notifications that can be sent as a run's progress transitions between different states. There are two categories of triggers: - Health Events: `assessment:check_failure`, `assessment:drifted`, `assessment:failed`. - Run Events: `run:applying`, `run:completed`, `run:created`, `run:errored`, `run:needs_attention`, `run:planning`." + description: "The list of run events that will trigger notifications.\nTrigger represents the different TFC notifications that can be sent as a run's progress transitions between different states.\nThere are two categories of triggers:\n - Health Events: `assessment:check_failure`, `assessment:drifted`, `assessment:failed`.\n - Run Events: `run:applying`, `run:completed`, `run:created`, `run:errored`, `run:needs_attention`, `run:planning`." items: - description: "NotificationTrigger represents the different TFC notifications that can be sent as a run's progress transitions between different states. This must be aligned with go-tfe type `NotificationTriggerType`. Must be one of the following values: `run:applying`, `assessment:check_failure`, `run:completed`, `run:created`, `assessment:drifted`, `run:errored`, `assessment:failed`, `run:needs_attention`, `run:planning`." + description: "NotificationTrigger represents the different TFC notifications that can be sent as a run's progress transitions between different states.\nThis must be aligned with go-tfe type `NotificationTriggerType`.\nMust be one of the following values: `run:applying`, `assessment:check_failure`, `run:completed`, `run:created`, `assessment:drifted`, `run:errored`, `assessment:failed`, `run:needs_attention`, `run:planning`." enum: - "run:applying" - "assessment:check_failure" @@ -180,7 +180,7 @@ spec: minItems: 1 type: "array" type: - description: "The type of the notification. Must be one of the following values: `email`, `generic`, `microsoft-teams`, `slack`." + description: "The type of the notification.\nMust be one of the following values: `email`, `generic`, `microsoft-teams`, `slack`." enum: - "email" - "generic" @@ -188,7 +188,7 @@ spec: - "slack" type: "string" url: - description: "The URL of the notification. Must match pattern: `^https?://.*`" + description: "The URL of the notification.\nMust match pattern: `^https?://.*`" pattern: "^https?://.*" type: "string" required: @@ -198,14 +198,14 @@ spec: minItems: 1 type: "array" organization: - description: "Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" + description: "Organization name where the Workspace will be created.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations" minLength: 1 type: "string" project: - description: "Projects let you organize your workspaces into groups. Default: default organization project. More information: - https://developer.hashicorp.com/terraform/tutorials/cloud/projects" + description: "Projects let you organize your workspaces into groups.\nDefault: default organization project.\nMore information:\n - https://developer.hashicorp.com/terraform/tutorials/cloud/projects" properties: id: - description: "Project ID. Must match pattern: `^prj-[a-zA-Z0-9]+$`" + description: "Project ID.\nMust match pattern: `^prj-[a-zA-Z0-9]+$`" pattern: "^prj-[a-zA-Z0-9]+$" type: "string" name: @@ -214,19 +214,19 @@ spec: type: "string" type: "object" remoteStateSharing: - description: "Remote state access between workspaces. By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces" + description: "Remote state access between workspaces.\nBy default, new workspaces in Terraform Cloud do not allow other workspaces to access their state.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces" properties: allWorkspaces: default: false - description: "Allow access to the state for all workspaces within the same organization. Default: `false`." + description: "Allow access to the state for all workspaces within the same organization.\nDefault: `false`." type: "boolean" workspaces: description: "Allow access to the state for specific workspaces within the same organization." items: - description: "ConsumerWorkspace allows access to the state for specific workspaces within the same organization. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#remote-state-access-controls" + description: "ConsumerWorkspace allows access to the state for specific workspaces within the same organization.\nOnly one of the fields `ID` or `Name` is allowed.\nAt least one of the fields `ID` or `Name` is mandatory.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#remote-state-access-controls" properties: id: - description: "Consumer Workspace ID. Must match pattern: `^ws-[a-zA-Z0-9]+$`" + description: "Consumer Workspace ID.\nMust match pattern: `^ws-[a-zA-Z0-9]+$`" pattern: "^ws-[a-zA-Z0-9]+$" type: "string" name: @@ -238,17 +238,17 @@ spec: type: "array" type: "object" runTasks: - description: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks" + description: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks" items: - description: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks" + description: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle.\nOnly one of the fields `ID` or `Name` is allowed.\nAt least one of the fields `ID` or `Name` is mandatory.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks" properties: enforcementLevel: default: "advisory" - description: "Run Task Enforcement Level. Can be one of `advisory` or `mandatory`. Default: `advisory`. Must be one of the following values: `advisory`, `mandatory` Default: `advisory`." + description: "Run Task Enforcement Level. Can be one of `advisory` or `mandatory`. Default: `advisory`.\nMust be one of the following values: `advisory`, `mandatory`\nDefault: `advisory`." pattern: "^(advisory|mandatory)$" type: "string" id: - description: "Run Task ID. Must match pattern: `^task-[a-zA-Z0-9]+$`" + description: "Run Task ID.\nMust match pattern: `^task-[a-zA-Z0-9]+$`" pattern: "^task-[a-zA-Z0-9]+$" type: "string" name: @@ -257,19 +257,19 @@ spec: type: "string" stage: default: "post_plan" - description: "Run Task Stage. Must be one of the following values: `pre_apply`, `pre_plan`, `post_plan`. Default: `post_plan`." + description: "Run Task Stage.\nMust be one of the following values: `pre_apply`, `pre_plan`, `post_plan`.\nDefault: `post_plan`." pattern: "^(pre_apply|pre_plan|post_plan)$" type: "string" type: "object" minItems: 1 type: "array" runTriggers: - description: "Run triggers allow you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers" + description: "Run triggers allow you to connect this workspace to one or more source workspaces.\nThese connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers" items: - description: "RunTrigger allows you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers" + description: "RunTrigger allows you to connect this workspace to one or more source workspaces.\nThese connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces.\nOnly one of the fields `ID` or `Name` is allowed.\nAt least one of the fields `ID` or `Name` is mandatory.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers" properties: id: - description: "Source Workspace ID. Must match pattern: `^ws-[a-zA-Z0-9]+$`" + description: "Source Workspace ID.\nMust match pattern: `^ws-[a-zA-Z0-9]+$`" pattern: "^ws-[a-zA-Z0-9]+$" type: "string" name: @@ -280,10 +280,10 @@ spec: minItems: 1 type: "array" sshKey: - description: "SSH key used to clone Terraform modules. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys" + description: "SSH key used to clone Terraform modules.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys" properties: id: - description: "SSH key ID. Must match pattern: `^sshkey-[a-zA-Z0-9]+$`" + description: "SSH key ID.\nMust match pattern: `^sshkey-[a-zA-Z0-9]+$`" pattern: "^sshkey-[a-zA-Z0-9]+$" type: "string" name: @@ -292,58 +292,58 @@ spec: type: "string" type: "object" tags: - description: "Workspace tags are used to help identify and group together workspaces. Tags must be one or more characters; can include letters, numbers, colons, hyphens, and underscores; and must begin and end with a letter or number." + description: "Workspace tags are used to help identify and group together workspaces.\nTags must be one or more characters; can include letters, numbers, colons, hyphens, and underscores; and must begin and end with a letter or number." items: - description: "Tags allows you to correlate, organize, and even filter workspaces based on the assigned tags. Tags must be one or more characters; can include letters, numbers, colons, hyphens, and underscores; and must begin and end with a letter or number. Must match pattern: ^[A-Za-z0-9][A-Za-z0-9:_-]*$" + description: "Tags allows you to correlate, organize, and even filter workspaces based on the assigned tags.\nTags must be one or more characters; can include letters, numbers, colons, hyphens, and underscores; and must begin and end with a letter or number.\nMust match pattern: `^[A-Za-z0-9][A-Za-z0-9:_-]*$`" pattern: "^[A-Za-z0-9][A-Za-z0-9:_-]*$" type: "string" minItems: 1 type: "array" teamAccess: - description: "Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the \"manage workspaces\" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access" + description: "Terraform Cloud workspaces can only be accessed by users with the correct permissions.\nYou can manage permissions for a workspace on a per-team basis.\nWhen a workspace is created, only the owners team and teams with the \"manage workspaces\" permission can access it,\nwith full admin permissions. These teams' access can't be removed from a workspace.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access" items: - description: "Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the \"manage workspaces\" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access" + description: "Terraform Cloud workspaces can only be accessed by users with the correct permissions.\nYou can manage permissions for a workspace on a per-team basis.\nWhen a workspace is created, only the owners team and teams with the \"manage workspaces\" permission can access it,\nwith full admin permissions. These teams' access can't be removed from a workspace.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access" properties: access: - description: "There are two ways to choose which permissions a given team has on a workspace: fixed permission sets, and custom permissions. Must be one of the following values: `admin`, `custom`, `plan`, `read`, `write`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#workspace-permissions" + description: "There are two ways to choose which permissions a given team has on a workspace: fixed permission sets, and custom permissions.\nMust be one of the following values: `admin`, `custom`, `plan`, `read`, `write`.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#workspace-permissions" pattern: "^(admin|custom|plan|read|write)$" type: "string" custom: - description: "Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions" + description: "Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions" properties: runTasks: - description: "Manage Workspace Run Tasks. Default: `false`." + description: "Manage Workspace Run Tasks.\nDefault: `false`." type: "boolean" runs: default: "read" - description: "Run access. Must be one of the following values: `apply`, `plan`, `read`. Default: `read`." + description: "Run access.\nMust be one of the following values: `apply`, `plan`, `read`.\nDefault: `read`." pattern: "^(apply|plan|read)$" type: "string" sentinel: default: "none" - description: "Download Sentinel mocks. Must be one of the following values: `none`, `read`. Default: `none`." + description: "Download Sentinel mocks.\nMust be one of the following values: `none`, `read`.\nDefault: `none`." pattern: "^(none|read)$" type: "string" stateVersions: default: "none" - description: "State access. Must be one of the following values: `none`, `read`, `read-outputs`, `write`. Default: `none`." + description: "State access.\nMust be one of the following values: `none`, `read`, `read-outputs`, `write`.\nDefault: `none`." pattern: "^(none|read|read-outputs|write)$" type: "string" variables: default: "none" - description: "Variable access. Must be one of the following values: `none`, `read`, `write`. Default: `none`." + description: "Variable access.\nMust be one of the following values: `none`, `read`, `write`.\nDefault: `none`." pattern: "^(none|read|write)$" type: "string" workspaceLocking: default: false - description: "Lock/unlock workspace. Default: `false`." + description: "Lock/unlock workspace.\nDefault: `false`." type: "boolean" type: "object" team: - description: "Team to grant access. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams" + description: "Team to grant access.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams" properties: id: - description: "Team ID. Must match pattern: `^team-[a-zA-Z0-9]+$`" + description: "Team ID.\nMust match pattern: `^team-[a-zA-Z0-9]+$`" pattern: "^team-[a-zA-Z0-9]+$" type: "string" name: @@ -358,9 +358,9 @@ spec: minItems: 1 type: "array" terraformVariables: - description: "Terraform variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables" + description: "Terraform variables for all plans and applies in this workspace.\nVariables defined within a workspace always overwrite variables from variable sets that have the same type and the same key.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables" items: - description: "Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables" + description: "Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables" properties: description: description: "Description of the variable." @@ -368,7 +368,7 @@ spec: type: "string" hcl: default: false - description: "Parse this field as HashiCorp Configuration Language (HCL). This allows you to interpolate values at runtime. Default: `false`." + description: "Parse this field as HashiCorp Configuration Language (HCL). This allows you to interpolate values at runtime.\nDefault: `false`." type: "boolean" name: description: "Name of the variable." @@ -376,7 +376,7 @@ spec: type: "string" sensitive: default: false - description: "Sensitive variables are never shown in the UI or API. They may appear in Terraform logs if your configuration is designed to output them. Default: `false`." + description: "Sensitive variables are never shown in the UI or API.\nThey may appear in Terraform logs if your configuration is designed to output them.\nDefault: `false`." type: "boolean" value: description: "Value of the variable." @@ -392,7 +392,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -408,7 +408,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -424,7 +424,7 @@ spec: minItems: 1 type: "array" terraformVersion: - description: "The version of Terraform to use for this workspace. If not specified, the latest available version will be used. Must match pattern: `^\\\\d{1}\\\\.\\\\d{1,2}\\\\.\\\\d{1,2}$` More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version" + description: "The version of Terraform to use for this workspace.\nIf not specified, the latest available version will be used.\nMust match pattern: `^\\\\d{1}\\\\.\\\\d{1,2}\\\\.\\\\d{1,2}$`\nMore information:\n - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version" pattern: "^\\d{1}\\.\\d{1,2}\\.\\d{1,2}$" type: "string" token: @@ -437,7 +437,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -450,14 +450,14 @@ spec: - "secretKeyRef" type: "object" versionControl: - description: "Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow. Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider. More information: - https://www.terraform.io/cloud-docs/run/ui - https://www.terraform.io/cloud-docs/vcs" + description: "Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow.\nOmit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider.\nMore information:\n - https://www.terraform.io/cloud-docs/run/ui\n - https://www.terraform.io/cloud-docs/vcs" properties: branch: description: "The repository branch that Run will execute from. This defaults to the repository's default branch (e.g. main)." minLength: 1 type: "string" oAuthTokenID: - description: "The VCS Connection (OAuth Connection + Token) to use. Must match pattern: `^ot-[a-zA-Z0-9]+$`" + description: "The VCS Connection (OAuth Connection + Token) to use.\nMust match pattern: `^ot-[a-zA-Z0-9]+$`" pattern: "^ot-[a-zA-Z0-9]+$" type: "string" repository: @@ -466,11 +466,11 @@ spec: type: "string" speculativePlans: default: true - description: "Whether this workspace allows automatic speculative plans on PR. Default: `true`. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/ui#speculative-plans-on-pull-requests - https://developer.hashicorp.com/terraform/cloud-docs/run/remote-operations#speculative-plans" + description: "Whether this workspace allows automatic speculative plans on PR.\nDefault: `true`.\nMore information:\n - https://developer.hashicorp.com/terraform/cloud-docs/run/ui#speculative-plans-on-pull-requests\n - https://developer.hashicorp.com/terraform/cloud-docs/run/remote-operations#speculative-plans" type: "boolean" type: "object" workingDirectory: - description: "The directory where Terraform will execute, specified as a relative path from the root of the configuration directory. More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-working-directory" + description: "The directory where Terraform will execute, specified as a relative path from the root of the configuration directory.\nMore information:\n - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-working-directory" minLength: 1 type: "string" required: diff --git a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml index 05cc3ae5c..2ccdfcb50 100644 --- a/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml +++ b/crd-catalog/infinispan/infinispan-operator/infinispan.org/v1/infinispans.yaml @@ -1509,6 +1509,13 @@ spec: description: "The Operand version to be reconciled" type: "string" type: "object" + operator: + description: "The Operator status" + properties: + pod: + description: "The name of the pod reconciling this resource" + type: "string" + type: "object" podStatus: description: "The Pod's currently in the cluster" properties: diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/archives.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/archives.yaml index 0a905e46f..5eb464684 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/archives.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/archives.yaml @@ -299,6 +299,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -486,6 +522,42 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" snapshot: type: "string" @@ -497,6 +569,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" status: description: "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do." diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/backups.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/backups.yaml index a6c800040..9025860ee 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/backups.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/backups.yaml @@ -303,6 +303,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -449,6 +485,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" status: description: "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do." diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/checks.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/checks.yaml index 47c52694d..239d59245 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/checks.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/checks.yaml @@ -299,6 +299,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -437,6 +473,98 @@ spec: successfulJobsHistoryLimit: description: "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified." type: "integer" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" status: description: "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do." diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/prunes.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/prunes.yaml index ccea1d354..b2b3e8136 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/prunes.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/prunes.yaml @@ -299,6 +299,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -464,6 +500,98 @@ spec: successfulJobsHistoryLimit: description: "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified." type: "integer" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" status: description: "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do." diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/restores.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/restores.yaml index 011766c9b..383117ff1 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/restores.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/restores.yaml @@ -299,6 +299,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -486,6 +522,42 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" snapshot: type: "string" @@ -497,6 +569,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" status: description: "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do." diff --git a/crd-catalog/k8up-io/k8up/k8up.io/v1/schedules.yaml b/crd-catalog/k8up-io/k8up/k8up.io/v1/schedules.yaml index 6e034bff1..cf0e83f7f 100644 --- a/crd-catalog/k8up-io/k8up/k8up.io/v1/schedules.yaml +++ b/crd-catalog/k8up-io/k8up/k8up.io/v1/schedules.yaml @@ -290,6 +290,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" concurrentRunsAllowed: type: "boolean" @@ -479,6 +515,42 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" schedule: description: "ScheduleDefinition is the actual cron-type expression that defines the interval of the actions." @@ -493,6 +565,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" backend: description: "Backend allows configuring several backend implementations.\nIt is expected that users only configure one storage type." @@ -748,6 +912,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" backup: description: "BackupSchedule manages schedules for the backup service" @@ -1010,6 +1210,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" concurrentRunsAllowed: type: "boolean" @@ -1161,6 +1397,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" check: description: "CheckSchedule manages the schedules for the checks" @@ -1423,6 +1751,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" concurrentRunsAllowed: type: "boolean" @@ -1566,6 +1930,98 @@ spec: successfulJobsHistoryLimit: description: "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified." type: "integer" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" failedJobsHistoryLimit: description: "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified." @@ -1922,6 +2378,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" concurrentRunsAllowed: type: "boolean" @@ -2092,6 +2584,98 @@ spec: successfulJobsHistoryLimit: description: "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified." type: "integer" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" resourceRequirementsTemplate: description: "ResourceRequirementsTemplate describes the compute resource requirements (cpu, memory, etc.)" @@ -2391,6 +2975,42 @@ spec: path: type: "string" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" concurrentRunsAllowed: type: "boolean" @@ -2580,6 +3200,42 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: "object" + tlsOptions: + properties: + caCert: + type: "string" + clientCert: + type: "string" + clientKey: + type: "string" + type: "object" + volumeMounts: + items: + description: "VolumeMount describes a mounting of a Volume within a container." + properties: + mountPath: + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." + type: "string" + mountPropagation: + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + type: "string" + name: + description: "This must match the Name of a Volume." + type: "string" + readOnly: + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + type: "boolean" + subPath: + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + type: "string" + subPathExpr: + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" type: "object" schedule: description: "ScheduleDefinition is the actual cron-type expression that defines the interval of the actions." @@ -2594,6 +3250,98 @@ spec: items: type: "string" type: "array" + volumes: + description: "Volumes List of volumes that can be mounted by containers belonging to the pod." + items: + properties: + configMap: + description: "configMap represents a configMap that should populate this volume" + properties: + defaultMode: + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "optional specify whether the ConfigMap or its keys must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + name: + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + persistentVolumeClaim: + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + properties: + claimName: + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + type: "string" + readOnly: + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + type: "boolean" + required: + - "claimName" + type: "object" + secret: + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + properties: + defaultMode: + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + items: + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + items: + description: "Maps a string key to a path within a volume." + properties: + key: + description: "key is the key to project." + type: "string" + mode: + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + format: "int32" + type: "integer" + path: + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + type: "string" + required: + - "key" + - "path" + type: "object" + type: "array" + optional: + description: "optional field specify whether the Secret or its keys must be defined" + type: "boolean" + secretName: + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + type: "string" + type: "object" + required: + - "name" + type: "object" + type: "array" type: "object" successfulJobsHistoryLimit: description: "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified." diff --git a/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeeventings.yaml b/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeeventings.yaml index 2126ea675..1a0938d0e 100644 --- a/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeeventings.yaml +++ b/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeeventings.yaml @@ -727,6 +727,12 @@ spec: description: "A mapping of podDisruptionBudget name to override" items: properties: + maxUnavailable: + anyOf: + - type: "integer" + - type: "string" + description: "An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\"." + x-kubernetes-int-or-string: true minAvailable: anyOf: - type: "integer" diff --git a/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeservings.yaml b/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeservings.yaml index 08d1ebd4a..68d9a7a59 100644 --- a/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeservings.yaml +++ b/crd-catalog/knative/operator/operator.knative.dev/v1beta1/knativeservings.yaml @@ -868,6 +868,12 @@ spec: description: "A mapping of podDisruptionBudget name to override" items: properties: + maxUnavailable: + anyOf: + - type: "integer" + - type: "string" + description: "An eviction is allowed if at most \"maxUnavailable\" pods selected by \"selector\" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with \"minAvailable\"." + x-kubernetes-int-or-string: true minAvailable: anyOf: - type: "integer" diff --git a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/moodles.yaml b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/moodles.yaml index e9a161d33..ad6fd8919 100644 --- a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/moodles.yaml +++ b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/moodles.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "m4e.krestomat.io" names: + categories: + - "lms" + - "m4e" kind: "Moodle" listKind: "MoodleList" plural: "moodles" diff --git a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/nginxes.yaml b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/nginxes.yaml index 8ba74b877..ded1966dc 100644 --- a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/nginxes.yaml +++ b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/nginxes.yaml @@ -5,6 +5,10 @@ metadata: spec: group: "m4e.krestomat.io" names: + categories: + - "lms" + - "m4e" + - "web" kind: "Nginx" listKind: "NginxList" plural: "nginxes" diff --git a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/phpfpms.yaml b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/phpfpms.yaml index 463c04131..9286ecc26 100644 --- a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/phpfpms.yaml +++ b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/phpfpms.yaml @@ -5,6 +5,10 @@ metadata: spec: group: "m4e.krestomat.io" names: + categories: + - "lms" + - "m4e" + - "web" kind: "Phpfpm" listKind: "PhpfpmList" plural: "phpfpms" diff --git a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/routines.yaml b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/routines.yaml index 8a063b679..da1219276 100644 --- a/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/routines.yaml +++ b/crd-catalog/krestomatio/moodle-operator/m4e.krestomat.io/v1alpha1/routines.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "m4e.krestomat.io" names: + categories: + - "lms" + - "m4e" kind: "Routine" listKind: "RoutineList" plural: "routines" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml index 308214e0c..fc4c9986c 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml @@ -144,10 +144,15 @@ spec: x-kubernetes-list-type: "map" id: description: "id of the loadbalancer" + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: description: "Name sets the name of the VPC load balancer." maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" public: default: true @@ -214,6 +219,9 @@ spec: type: "string" name: description: "name of resource." + maxLength: 63 + minLength: 1 + pattern: "^([a-zA-Z]|[a-zA-Z][-_a-zA-Z0-9]*[a-zA-Z0-9])$" type: "string" type: "object" vpc: @@ -221,11 +229,15 @@ spec: properties: id: description: "id of resource." + maxLength: 64 minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: description: "name of resource." + maxLength: 63 minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" region: description: "region of IBM Cloud VPC.\nwhen powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,\nit is expected to set the region, not setting will result in webhook error." @@ -239,8 +251,14 @@ spec: cidr: type: "string" id: + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" zone: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml index 986b72021..ebe7793fb 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml @@ -150,10 +150,15 @@ spec: x-kubernetes-list-type: "map" id: description: "id of the loadbalancer" + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: description: "Name sets the name of the VPC load balancer." maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" public: default: true @@ -220,6 +225,9 @@ spec: type: "string" name: description: "name of resource." + maxLength: 63 + minLength: 1 + pattern: "^([a-zA-Z]|[a-zA-Z][-_a-zA-Z0-9]*[a-zA-Z0-9])$" type: "string" type: "object" vpc: @@ -227,11 +235,15 @@ spec: properties: id: description: "id of resource." + maxLength: 64 minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: description: "name of resource." + maxLength: 63 minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" region: description: "region of IBM Cloud VPC.\nwhen powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,\nit is expected to set the region, not setting will result in webhook error." @@ -245,8 +257,14 @@ spec: cidr: type: "string" id: + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" zone: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml index 897f926f5..b6b2ef024 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml @@ -77,10 +77,15 @@ spec: x-kubernetes-list-type: "map" id: description: "id of the loadbalancer" + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: description: "Name sets the name of the VPC load balancer." maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" public: default: true @@ -148,8 +153,14 @@ spec: cidr: type: "string" id: + maxLength: 64 + minLength: 1 + pattern: "^[-0-9a-z_]+$" type: "string" name: + maxLength: 63 + minLength: 1 + pattern: "^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$" type: "string" zone: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml index d1408a11c..ed2fd7fc4 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml @@ -294,6 +294,9 @@ spec: items: description: "PCIDeviceSpec defines virtual machine's PCI configuration." properties: + customLabel: + description: "CustomLabel is the hardware label of a virtual machine's PCI device. Defaults to the eponymous property value in the template from which the virtual machine is cloned." + type: "string" deviceId: description: "DeviceID is the device ID of a virtual machine's PCI, in integer. Defaults to the eponymous property value in the template from which the virtual machine is cloned." format: "int32" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml index 2ead37596..a0af34c36 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml @@ -292,6 +292,9 @@ spec: items: description: "PCIDeviceSpec defines virtual machine's PCI configuration." properties: + customLabel: + description: "CustomLabel is the hardware label of a virtual machine's PCI device. Defaults to the eponymous property value in the template from which the virtual machine is cloned." + type: "string" deviceId: description: "DeviceID is the device ID of a virtual machine's PCI, in integer. Defaults to the eponymous property value in the template from which the virtual machine is cloned." format: "int32" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml index 809d129d2..6220cbbd1 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml @@ -298,6 +298,9 @@ spec: items: description: "PCIDeviceSpec defines virtual machine's PCI configuration." properties: + customLabel: + description: "CustomLabel is the hardware label of a virtual machine's PCI device. Defaults to the eponymous property value in the template from which the virtual machine is cloned." + type: "string" deviceId: description: "DeviceID is the device ID of a virtual machine's PCI, in integer. Defaults to the eponymous property value in the template from which the virtual machine is cloned." format: "int32" diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml index 0f085d736..fa6fdc869 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/clusters.yaml @@ -567,7 +567,7 @@ spec: type: "object" type: "array" controlPlaneReady: - description: "ControlPlaneReady defines if the control plane is ready." + description: "ControlPlaneReady denotes if the control plane became ready during initial provisioning\nto receive requests.\nNOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.\nThe value of this field is never updated after provisioning is completed. Please use conditions\nto check the operational state of the control plane." type: "boolean" failureDomains: additionalProperties: diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml index f600c2300..f2ab35db7 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinehealthchecks.yaml @@ -143,7 +143,6 @@ spec: - "timeout" - "type" type: "object" - minItems: 1 type: "array" unhealthyRange: description: "Any further remediation is only allowed if the number of machines selected by \"selector\" as not healthy\nis within the range of \"UnhealthyRange\". Takes precedence over MaxUnhealthy.\nEg. \"[3-5]\" - This means that remediation will be allowed only when:\n(a) there are at least 3 unhealthy machines (and)\n(b) there are at most 5 unhealthy machines" @@ -152,7 +151,6 @@ spec: required: - "clusterName" - "selector" - - "unhealthyConditions" type: "object" status: description: "Most recently observed status of MachineHealthCheck resource" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml index fcdc9e82a..410474292 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml @@ -63,7 +63,7 @@ spec: maxLength: 64 type: "string" parametersRef: - description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nSupport: Implementation-specific" + description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" properties: group: description: "Group is the group of the referent." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml index 22487dfd9..9ec9cab4b 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml @@ -118,6 +118,30 @@ spec: description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + parametersRef: + description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + properties: + group: + description: "Group is the group of the referent." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" type: "object" listeners: description: "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" @@ -259,6 +283,45 @@ spec: type: "object" maxItems: 64 type: "array" + frontendValidation: + description: "FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\n\nSupport: Extended\n\n\n" + properties: + caCertificateRefs: + description: "CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + items: + description: "ObjectReference identifies an API object including its namespace.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object." + properties: + group: + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent. For example \"ConfigMap\" or \"Service\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + maxItems: 8 + minItems: 1 + type: "array" + type: "object" mode: default: "Terminate" description: "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml new file mode 100644 index 000000000..2767aa8b6 --- /dev/null +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml @@ -0,0 +1,813 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/2466" + gateway.networking.k8s.io/bundle-version: "v1.0.0" + gateway.networking.k8s.io/channel: "experimental" + name: "grpcroutes.gateway.networking.k8s.io" +spec: + group: "gateway.networking.k8s.io" + names: + categories: + - "gateway-api" + kind: "GRPCRoute" + listKind: "GRPCRouteList" + plural: "grpcroutes" + singular: "grpcroute" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - jsonPath: ".spec.hostnames" + name: "Hostnames" + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1" + schema: + openAPIV3Schema: + description: "GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired state of GRPCRoute." + properties: + hostnames: + description: "Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + maxItems: 16 + type: "array" + parentRefs: + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + items: + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + properties: + group: + default: "gateway.networking.k8s.io" + description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Gateway" + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent.\n\n\nSupport: Core" + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + port: + description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + sectionName: + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + required: + - "name" + type: "object" + maxItems: 32 + type: "array" + x-kubernetes-validations: + - message: "sectionName or port must be specified when parentRefs includes 2 or more references to the same parent" + rule: "self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))" + - message: "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" + rule: "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))" + rules: + description: "Rules are a list of GRPC matchers, filters and actions." + items: + description: "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs)." + properties: + backendRefs: + description: "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + items: + description: "GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.\n\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\n\n\n\nWhen the BackendRef points to a Kubernetes Service, implementations SHOULD\nhonor the appProtocol field if it is set for the target Service Port.\n\n\nImplementations supporting appProtocol SHOULD recognize the Kubernetes\nStandard Application Protocols defined in KEP-3726.\n\n\nIf a Service appProtocol isn't specified, an implementation MAY infer the\nbackend protocol through its own means. Implementations MAY infer the\nprotocol from the Route type referring to the backend Service.\n\n\nIf a Route is not able to send traffic to the backend using the specified\nprotocol then the backend is considered invalid. Implementations MUST set the\n\"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason.\n\n\n" + properties: + filters: + description: "Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + items: + description: "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter." + properties: + extensionRef: + description: "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + properties: + group: + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + requestHeaderModifier: + description: "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + properties: + add: + description: "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + remove: + description: "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + items: + type: "string" + maxItems: 16 + type: "array" + x-kubernetes-list-type: "set" + set: + description: "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + requestMirror: + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + properties: + backendRef: + description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + properties: + group: + default: "" + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Service" + description: "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + port: + description: "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + required: + - "name" + type: "object" + x-kubernetes-validations: + - message: "Must have port for Service reference" + rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + required: + - "backendRef" + type: "object" + responseHeaderModifier: + description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + properties: + add: + description: "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + remove: + description: "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + items: + type: "string" + maxItems: 16 + type: "array" + x-kubernetes-list-type: "set" + set: + description: "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + type: + description: "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + enum: + - "ResponseHeaderModifier" + - "RequestHeaderModifier" + - "RequestMirror" + - "ExtensionRef" + type: "string" + required: + - "type" + type: "object" + x-kubernetes-validations: + - message: "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier" + rule: "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + - message: "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type" + rule: "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + - message: "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier" + rule: "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + - message: "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type" + rule: "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + - message: "filter.requestMirror must be nil if the filter.type is not RequestMirror" + rule: "!(has(self.requestMirror) && self.type != 'RequestMirror')" + - message: "filter.requestMirror must be specified for RequestMirror filter.type" + rule: "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + - message: "filter.extensionRef must be nil if the filter.type is not ExtensionRef" + rule: "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + - message: "filter.extensionRef must be specified for ExtensionRef filter.type" + rule: "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + maxItems: 16 + type: "array" + x-kubernetes-validations: + - message: "RequestHeaderModifier filter cannot be repeated" + rule: "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + - message: "ResponseHeaderModifier filter cannot be repeated" + rule: "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + group: + default: "" + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Service" + description: "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + port: + description: "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + weight: + default: 1 + description: "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + format: "int32" + maximum: 1000000.0 + minimum: 0.0 + type: "integer" + required: + - "name" + type: "object" + x-kubernetes-validations: + - message: "Must have port for Service reference" + rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + maxItems: 16 + type: "array" + filters: + description: "Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + items: + description: "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter." + properties: + extensionRef: + description: "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + properties: + group: + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + requestHeaderModifier: + description: "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + properties: + add: + description: "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + remove: + description: "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + items: + type: "string" + maxItems: 16 + type: "array" + x-kubernetes-list-type: "set" + set: + description: "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + requestMirror: + description: "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + properties: + backendRef: + description: "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + properties: + group: + default: "" + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Service" + description: "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + port: + description: "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + required: + - "name" + type: "object" + x-kubernetes-validations: + - message: "Must have port for Service reference" + rule: "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + required: + - "backendRef" + type: "object" + responseHeaderModifier: + description: "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + properties: + add: + description: "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + remove: + description: "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + items: + type: "string" + maxItems: 16 + type: "array" + x-kubernetes-list-type: "set" + set: + description: "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + items: + description: "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230." + properties: + name: + description: "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + value: + description: "Value is the value of HTTP Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + type: "object" + type: + description: "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + enum: + - "ResponseHeaderModifier" + - "RequestHeaderModifier" + - "RequestMirror" + - "ExtensionRef" + type: "string" + required: + - "type" + type: "object" + x-kubernetes-validations: + - message: "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier" + rule: "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + - message: "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type" + rule: "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + - message: "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier" + rule: "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + - message: "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type" + rule: "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + - message: "filter.requestMirror must be nil if the filter.type is not RequestMirror" + rule: "!(has(self.requestMirror) && self.type != 'RequestMirror')" + - message: "filter.requestMirror must be specified for RequestMirror filter.type" + rule: "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + - message: "filter.extensionRef must be nil if the filter.type is not ExtensionRef" + rule: "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + - message: "filter.extensionRef must be specified for ExtensionRef filter.type" + rule: "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + maxItems: 16 + type: "array" + x-kubernetes-validations: + - message: "RequestHeaderModifier filter cannot be repeated" + rule: "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + - message: "ResponseHeaderModifier filter cannot be repeated" + rule: "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + matches: + description: "Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + items: + description: "GRPCRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a gRPC request only if its service\nis `foo` AND it contains the `version: v1` header:\n\n\n```\nmatches:\n - method:\n type: Exact\n service: \"foo\"\n headers:\n - name: \"version\"\n value \"v1\"\n\n\n```" + properties: + headers: + description: "Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + items: + description: "GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request\nheaders." + properties: + name: + description: "Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + maxLength: 256 + minLength: 1 + pattern: "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$" + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the value of the header." + enum: + - "Exact" + - "RegularExpression" + type: "string" + value: + description: "Value is the value of the gRPC Header to be matched." + maxLength: 4096 + minLength: 1 + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 16 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + method: + description: "Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match." + properties: + method: + description: "Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string." + maxLength: 1024 + type: "string" + service: + description: "Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string." + maxLength: 1024 + type: "string" + type: + default: "Exact" + description: "Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)" + enum: + - "Exact" + - "RegularExpression" + type: "string" + type: "object" + x-kubernetes-validations: + - message: "One or both of 'service' or 'method' must be specified" + rule: "has(self.type) ? has(self.service) || has(self.method) : true" + - message: "service must only contain valid characters (matching ^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$)" + rule: "(!has(self.type) || self.type == 'Exact') && has(self.service) ? self.service.matches(r\"\"\"^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$\"\"\"): true" + - message: "method must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)" + rule: "(!has(self.type) || self.type == 'Exact') && has(self.method) ? self.method.matches(r\"\"\"^[A-Za-z_][A-Za-z_0-9]*$\"\"\"): true" + type: "object" + maxItems: 8 + type: "array" + type: "object" + maxItems: 16 + type: "array" + type: "object" + status: + description: "Status defines the current state of GRPCRoute." + properties: + parents: + description: "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway." + items: + description: "RouteParentStatus describes the status of a route with respect to an\nassociated Parent." + properties: + conditions: + description: "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n\n* The Route refers to a non-existent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to." + items: + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + maxItems: 8 + minItems: 1 + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + controllerName: + description: "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$" + type: "string" + parentRef: + description: "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of." + properties: + group: + default: "gateway.networking.k8s.io" + description: "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + default: "Gateway" + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent.\n\n\nSupport: Core" + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + port: + description: "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" + sectionName: + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + required: + - "name" + type: "object" + required: + - "controllerName" + - "parentRef" + type: "object" + maxItems: 32 + type: "array" + required: + - "parents" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml index b5f6d35e9..7515f618f 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml @@ -51,9 +51,9 @@ spec: maxItems: 16 type: "array" parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -63,7 +63,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -86,7 +86,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -1087,7 +1087,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -1110,7 +1110,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml index c69b6d69d..40116d4ce 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/grpcroutes.yaml @@ -17,13 +17,8 @@ spec: singular: "grpcroute" scope: "Namespaced" versions: - - additionalPrinterColumns: - - jsonPath: ".spec.hostnames" - name: "Hostnames" - type: "string" - - jsonPath: ".metadata.creationTimestamp" - name: "Age" - type: "date" + - deprecated: true + deprecationWarning: "The v1alpha2 version of GRPCRoute has been deprecated and will be removed in a future release of the API. Please upgrade to v1." name: "v1alpha2" schema: openAPIV3Schema: @@ -51,9 +46,9 @@ spec: maxItems: 16 type: "array" parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -63,7 +58,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -86,7 +81,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -762,7 +757,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -785,7 +780,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -804,9 +799,7 @@ spec: type: "object" type: "object" served: true - storage: true - subresources: - status: {} + storage: false status: acceptedNames: kind: "" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml index 692445e72..0b40c1d29 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml @@ -38,9 +38,9 @@ spec: description: "Spec defines the desired state of TCPRoute." properties: parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -50,7 +50,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -73,7 +73,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -225,7 +225,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -248,7 +248,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml index f5bc1ada8..24f5ace6c 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml @@ -48,9 +48,9 @@ spec: maxItems: 16 type: "array" parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -60,7 +60,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -83,7 +83,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -235,7 +235,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -258,7 +258,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml index 8741fcc4c..05fca2104 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml @@ -38,9 +38,9 @@ spec: description: "Spec defines the desired state of UDPRoute." properties: parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -50,7 +50,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -73,7 +73,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -225,7 +225,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -248,7 +248,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml index b9a5e581e..0544affeb 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml @@ -63,7 +63,7 @@ spec: maxLength: 64 type: "string" parametersRef: - description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nSupport: Implementation-specific" + description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" properties: group: description: "Group is the group of the referent." diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml index b24bab4b3..3967f9060 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml @@ -118,6 +118,30 @@ spec: description: "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" maxProperties: 8 type: "object" + parametersRef: + description: "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + properties: + group: + description: "Group is the group of the referent." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" type: "object" listeners: description: "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" @@ -259,6 +283,45 @@ spec: type: "object" maxItems: 64 type: "array" + frontendValidation: + description: "FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\n\nSupport: Extended\n\n\n" + properties: + caCertificateRefs: + description: "CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + items: + description: "ObjectReference identifies an API object including its namespace.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object." + properties: + group: + description: "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the referent. For example \"ConfigMap\" or \"Service\"." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the referent." + maxLength: 253 + minLength: 1 + type: "string" + namespace: + description: "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + maxItems: 8 + minItems: 1 + type: "array" + type: "object" mode: default: "Terminate" description: "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml index 6f1a21dab..2ce247444 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml @@ -51,9 +51,9 @@ spec: maxItems: 16 type: "array" parentRefs: - description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + description: "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." + description: "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid." properties: group: default: "gateway.networking.k8s.io" @@ -63,7 +63,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -86,7 +86,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -1087,7 +1087,7 @@ spec: type: "string" kind: default: "Gateway" - description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, experimental, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + description: "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" @@ -1110,7 +1110,7 @@ spec: minimum: 1.0 type: "integer" sectionName: - description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port Name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values. Note that attaching Routes to Services as Parents\nis part of experimental Mesh support and is not supported for any other\npurpose.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + description: "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" maxLength: 253 minLength: 1 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml b/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml index aefdcb2e6..489dd85a7 100644 --- a/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml +++ b/crd-catalog/kubernetes-sigs/jobset/jobset.x-k8s.io/v1alpha2/jobsets.yaml @@ -4749,6 +4749,11 @@ spec: suspend: description: "Suspend suspends all running child Jobs when set to true." type: "boolean" + ttlSecondsAfterFinished: + description: "TTLSecondsAfterFinished limits the lifetime of a JobSet that has finished\nexecution (either Complete or Failed). If this field is set,\nTTLSecondsAfterFinished after the JobSet finishes, it is eligible to be\nautomatically deleted. When the JobSet is being deleted, its lifecycle\nguarantees (e.g. finalizers) will be honored. If this field is unset,\nthe JobSet won't be automatically deleted. If this field is set to zero,\nthe JobSet becomes eligible to be deleted immediately after it finishes." + format: "int32" + minimum: 0.0 + type: "integer" type: "object" status: description: "JobSetStatus defines the observed state of JobSet" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml index 36096a72d..e7c6e056f 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml @@ -64,6 +64,9 @@ spec: maxItems: 8 type: "array" x-kubernetes-list-type: "atomic" + x-kubernetes-validations: + - message: "supported taint effect values: 'NoSchedule', 'PreferNoSchedule', 'NoExecute'" + rule: "self.all(x, x.effect in ['NoSchedule', 'PreferNoSchedule', 'NoExecute'])" tolerations: description: "tolerations are extra tolerations that will be added to the pods admitted in\nthe quota associated with this resource flavor.\n\n\nAn example of a toleration is\ncloud.provider.com/preemptible=\"true\":NoSchedule\n\n\ntolerations can be up to 8 elements." items: @@ -89,6 +92,17 @@ spec: maxItems: 8 type: "array" x-kubernetes-list-type: "atomic" + x-kubernetes-validations: + - message: "operator must be Exists when 'key' is empty, which means 'match all values and all keys'" + rule: "self.all(x, !has(x.key) ? x.operator == 'Exists' : true)" + - message: "effect must be 'NoExecute' when 'tolerationSeconds' is set" + rule: "self.all(x, has(x.tolerationSeconds) ? x.effect == 'NoExecute' : true)" + - message: "supported toleration values: 'Equal'(default), 'Exists'" + rule: "self.all(x, !has(x.operator) || x.operator in ['Equal', 'Exists'])" + - message: "a value must be empty when 'operator' is 'Exists'" + rule: "self.all(x, has(x.operator) && x.operator == 'Exists' ? !has(x.value) : true)" + - message: "supported taint effect values: 'NoSchedule', 'PreferNoSchedule', 'NoExecute'" + rule: "self.all(x, !has(x.effect) || x.effect in ['NoSchedule', 'PreferNoSchedule', 'NoExecute'])" type: "object" type: "object" served: true diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml index 4af8a858d..1ba47d86a 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testexecutions.yaml @@ -73,12 +73,12 @@ spec: storageClassName: description: "artifact storage class name for container executor" type: "string" + useDefaultStorageClassName: + description: "whether to use default storage class name" + type: "boolean" volumeMountPath: description: "artifact volume mount path for container executor" type: "string" - required: - - "storageClassName" - - "volumeMountPath" type: "object" command: description: "executor binary command" @@ -418,12 +418,12 @@ spec: storageClassName: description: "artifact storage class name for container executor" type: "string" + useDefaultStorageClassName: + description: "whether to use default storage class name" + type: "boolean" volumeMountPath: description: "artifact volume mount path for container executor" type: "string" - required: - - "storageClassName" - - "volumeMountPath" type: "object" bucketName: description: "minio bucket name to get uploads from" diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml index 7f4df6de1..002217158 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v1/testsuiteexecutions.yaml @@ -294,12 +294,12 @@ spec: storageClassName: description: "artifact storage class name for container executor" type: "string" + useDefaultStorageClassName: + description: "whether to use default storage class name" + type: "boolean" volumeMountPath: description: "artifact volume mount path for container executor" type: "string" - required: - - "storageClassName" - - "volumeMountPath" type: "object" bucketName: description: "minio bucket name to get uploads from" @@ -803,12 +803,12 @@ spec: storageClassName: description: "artifact storage class name for container executor" type: "string" + useDefaultStorageClassName: + description: "whether to use default storage class name" + type: "boolean" volumeMountPath: description: "artifact volume mount path for container executor" type: "string" - required: - - "storageClassName" - - "volumeMountPath" type: "object" bucketName: description: "minio bucket name to get uploads from" diff --git a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml index 94e09a830..79fa00c91 100644 --- a/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml +++ b/crd-catalog/kubeshop/testkube-operator/tests.testkube.io/v3/tests.yaml @@ -159,6 +159,9 @@ spec: storageClassName: description: "artifact storage class name for container executor" type: "string" + useDefaultStorageClassName: + description: "whether to use default storage class name" + type: "boolean" volumeMountPath: description: "artifact volume mount path for container executor" type: "string" diff --git a/crd-catalog/mattermost/mattermost-operator/installation.mattermost.com/v1beta1/mattermosts.yaml b/crd-catalog/mattermost/mattermost-operator/installation.mattermost.com/v1beta1/mattermosts.yaml index 0dd91897a..2f4234221 100644 --- a/crd-catalog/mattermost/mattermost-operator/installation.mattermost.com/v1beta1/mattermosts.yaml +++ b/crd-catalog/mattermost/mattermost-operator/installation.mattermost.com/v1beta1/mattermosts.yaml @@ -627,7 +627,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -692,7 +692,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -775,7 +775,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -911,7 +911,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1137,7 +1137,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1422,7 +1422,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1487,7 +1487,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1570,7 +1570,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1706,7 +1706,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1932,7 +1932,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2293,7 +2293,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2395,7 +2395,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" diff --git a/crd-catalog/mattermost/mattermost-operator/mattermost.com/v1alpha1/clusterinstallations.yaml b/crd-catalog/mattermost/mattermost-operator/mattermost.com/v1alpha1/clusterinstallations.yaml index c9f26a8e1..a5777be4d 100644 --- a/crd-catalog/mattermost/mattermost-operator/mattermost.com/v1alpha1/clusterinstallations.yaml +++ b/crd-catalog/mattermost/mattermost-operator/mattermost.com/v1alpha1/clusterinstallations.yaml @@ -724,7 +724,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -975,7 +975,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name" + description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml index 34f48cf4a..6ae0a5b2d 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.1" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "flowcollectors.flows.netobserv.io" spec: group: "flows.netobserv.io" @@ -33,53 +33,53 @@ spec: description: "`FlowCollector` is the schema for the network flows collection API, which pilots and configures the underlying deployments." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "Defines the desired state of the FlowCollector resource.

*: the mention of \"unsupported\", or \"deprecated\" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only." + description: "Defines the desired state of the FlowCollector resource.\n

\n*: the mention of \"unsupported\", or \"deprecated\" for a feature throughout this document means that this feature\nis not officially supported by Red Hat. It might have been, for example, contributed by the community\nand accepted without a formal agreement for maintenance. The product maintainers might provide some support\nfor these features as a best effort only." properties: agent: description: "Agent configuration for flows extraction." properties: ebpf: - description: "`ebpf` describes the settings related to the eBPF-based flow reporter when `spec.agent.type` is set to `EBPF`." + description: "`ebpf` describes the settings related to the eBPF-based flow reporter when `spec.agent.type`\nis set to `EBPF`." properties: cacheActiveTimeout: default: "5s" - description: "`cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection." + description: "`cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending.\nIncreasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load,\nhowever you can expect higher memory consumption and an increased latency in the flow collection." pattern: "^\\d+(ns|ms|s|m)?$" type: "string" cacheMaxFlows: default: 100000 - description: "`cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection." + description: "`cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows.\nIncreasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load,\nhowever you can expect higher memory consumption and an increased latency in the flow collection." format: "int32" minimum: 1.0 type: "integer" debug: - description: "`debug` allows setting some aspects of the internal configuration of the eBPF agent. This section is aimed exclusively for debugging and fine-grained performance optimizations, such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." + description: "`debug` allows setting some aspects of the internal configuration of the eBPF agent.\nThis section is aimed exclusively for debugging and fine-grained performance optimizations,\nsuch as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." properties: env: additionalProperties: type: "string" - description: "`env` allows passing custom environment variables to underlying components. Useful for passing some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" type: "object" excludeInterfaces: default: - "lo" - description: "`excludeInterfaces` contains the interface names that are excluded from flow tracing. An entry enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string." + description: "`excludeInterfaces` contains the interface names that are excluded from flow tracing.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." items: type: "string" type: "array" features: - description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
- `DNSTracking`: enable the DNS tracking feature.
- `FlowRTT` [unsupported (*)]: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
" + description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT` [unsupported (*)]: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
" items: - description: "Agent feature, can be one of:
- `PacketDrop`, to track packet drops.
- `DNSTracking`, to track specific information on DNS traffic.
- `FlowRTT`, to track TCP latency. [Unsupported (*)].
" + description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency. [Unsupported (*)].
" enum: - "PacketDrop" - "DNSTracking" @@ -95,7 +95,7 @@ spec: - "Never" type: "string" interfaces: - description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent fetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces. An entry enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string." + description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent\nfetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." items: type: "string" type: "array" @@ -136,7 +136,7 @@ spec: properties: insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate.\nIf set to `true`, the `providedCaFile` field is ignored." type: "boolean" provided: description: "TLS configuration when `type` is set to `PROVIDED`." @@ -152,7 +152,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -172,7 +172,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -183,7 +183,7 @@ spec: type: "object" type: default: "DISABLED" - description: "Select the type of TLS configuration:
- `DISABLED` (default) to not configure TLS for the endpoint. - `PROVIDED` to manually provide cert file and a key file. [Unsupported (*)]. - `AUTO` to use OpenShift auto generated certificate using annotations." + description: "Select the type of TLS configuration:
\n- `DISABLED` (default) to not configure TLS for the endpoint.\n- `PROVIDED` to manually provide cert file and a key file. [Unsupported (*)].\n- `AUTO` to use OpenShift auto generated certificate using annotations." enum: - "DISABLED" - "PROVIDED" @@ -193,7 +193,7 @@ spec: type: "object" type: "object" privileged: - description: "Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container. If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF is in use, then you can turn on this mode for more global privileges. Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support." + description: "Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets\ngranular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container.\nIf for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF\nis in use, then you can turn on this mode for more global privileges.\nSome agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support." type: "boolean" resources: default: @@ -202,15 +202,15 @@ spec: requests: cpu: "100m" memory: "50Mi" - description: "`resources` are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources` are the compute resources required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -226,7 +226,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -235,7 +235,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" sampling: @@ -246,7 +246,7 @@ spec: type: "integer" type: "object" ipfix: - description: "`ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`." + description: "`ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type`\nis set to `IPFIX`." properties: cacheActiveTimeout: default: "20s" @@ -269,7 +269,7 @@ spec: type: "object" forceSampleAll: default: false - description: "`forceSampleAll` allows disabling sampling in the IPFIX-based flow reporter. It is not recommended to sample all the traffic with IPFIX, as it might generate cluster instability. If you REALLY want to do that, set this flag to `true`. Use at your own risk. When it is set to `true`, the value of `sampling` is ignored." + description: "`forceSampleAll` allows disabling sampling in the IPFIX-based flow reporter.\nIt is not recommended to sample all the traffic with IPFIX, as it might generate cluster instability.\nIf you REALLY want to do that, set this flag to `true`. Use at your own risk.\nWhen it is set to `true`, the value of `sampling` is ignored." type: "boolean" ovnKubernetes: description: "`ovnKubernetes` defines the settings of the OVN-Kubernetes CNI, when available. This configuration is used when using OVN's IPFIX exports, without OpenShift. When using OpenShift, refer to the `clusterNetworkOperator` property instead." @@ -289,14 +289,14 @@ spec: type: "object" sampling: default: 400 - description: "`sampling` is the sampling rate on the reporter. 100 means one flow on 100 is sent. To ensure cluster stability, it is not possible to set a value below 2. If you really want to sample every packet, which might impact the cluster stability, refer to `forceSampleAll`. Alternatively, you can use the eBPF Agent instead of IPFIX." + description: "`sampling` is the sampling rate on the reporter. 100 means one flow on 100 is sent.\nTo ensure cluster stability, it is not possible to set a value below 2.\nIf you really want to sample every packet, which might impact the cluster stability,\nrefer to `forceSampleAll`. Alternatively, you can use the eBPF Agent instead of IPFIX." format: "int32" minimum: 2.0 type: "integer" type: "object" type: default: "EBPF" - description: "`type` [deprecated (*)] selects the flows tracing agent. The only possible value is `EBPF` (default), to use NetObserv eBPF agent.
Previously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
Setting `IPFIX` is ignored and still use the eBPF Agent. Since there is only a single option here, this field will be remove in a future API version." + description: "`type` [deprecated (*)] selects the flows tracing agent. The only possible value is `EBPF` (default), to use NetObserv eBPF agent.
\nPreviously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
\nSetting `IPFIX` is ignored and still use the eBPF Agent.\nSince there is only a single option here, this field will be remove in a future API version." enum: - "EBPF" - "IPFIX" @@ -379,6 +379,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -449,6 +450,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -508,6 +510,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -574,12 +577,12 @@ spec: type: "object" type: "array" minReplicas: - description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available." + description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler\ncan scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the\nalpha feature gate HPAScaleToZero is enabled and at least one Object or External\nmetric is configured. Scaling is active as long as at least one metric value is\navailable." format: "int32" type: "integer" status: default: "DISABLED" - description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
- `DISABLED` does not deploy an horizontal pod autoscaler.
- `ENABLED` deploys an horizontal pod autoscaler.
" + description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
\n- `DISABLED` does not deploy an horizontal pod autoscaler.
\n- `ENABLED` deploys an horizontal pod autoscaler.
" enum: - "DISABLED" - "ENABLED" @@ -587,7 +590,7 @@ spec: type: "object" enable: default: true - description: "Enables the console plugin deployment. `spec.loki.enable` must also be `true`" + description: "Enables the console plugin deployment.\n`spec.loki.enable` must also be `true`" type: "boolean" imagePullPolicy: default: "IfNotPresent" @@ -628,7 +631,7 @@ spec: portNames: additionalProperties: type: "string" - description: "`portNames` defines additional port names to use in the console, for example, `portNames: {\"3100\": \"loki\"}`." + description: "`portNames` defines additional port names to use in the console,\nfor example, `portNames: {\"3100\": \"loki\"}`." type: "object" type: "object" quickFilters: @@ -658,7 +661,7 @@ spec: filter: additionalProperties: type: "string" - description: "`filter` is a set of keys and values to be set when this filter is selected. Each key can relate to a list of values using a coma-separated string, for example, `filter: {\"src_namespace\": \"namespace1,namespace2\"}`." + description: "`filter` is a set of keys and values to be set when this filter is selected. Each key can relate to a list of values using a coma-separated string,\nfor example, `filter: {\"src_namespace\": \"namespace1,namespace2\"}`." type: "object" name: description: "Name of the filter, that is displayed in the Console" @@ -670,7 +673,7 @@ spec: type: "array" register: default: true - description: "`register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator. When set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command: `oc patch console.operator.openshift.io cluster --type='json' -p '[{\"op\": \"add\", \"path\": \"/spec/plugins/-\", \"value\": \"netobserv-plugin\"}]'`" + description: "`register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator.\nWhen set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command:\n`oc patch console.operator.openshift.io cluster --type='json' -p '[{\"op\": \"add\", \"path\": \"/spec/plugins/-\", \"value\": \"netobserv-plugin\"}]'`" type: "boolean" replicas: default: 1 @@ -685,15 +688,15 @@ spec: requests: cpu: "100m" memory: "50Mi" - description: "`resources`, in terms of compute resources, required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources`, in terms of compute resources, required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -709,7 +712,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -718,13 +721,13 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" deploymentModel: default: "DIRECT" - description: "`deploymentModel` defines the desired type of deployment for flow processing. Possible values are:
- `DIRECT` (default) to make the flow processor listening directly from the agents.
- `KAFKA` to make flows sent to a Kafka pipeline before consumption by the processor.
Kafka can provide better scalability, resiliency, and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka)." + description: "`deploymentModel` defines the desired type of deployment for flow processing. Possible values are:
\n- `DIRECT` (default) to make the flow processor listening directly from the agents.
\n- `KAFKA` to make flows sent to a Kafka pipeline before consumption by the processor.
\nKafka can provide better scalability, resiliency, and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka)." enum: - "DIRECT" - "KAFKA" @@ -775,7 +778,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -795,7 +798,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -830,7 +833,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -845,7 +848,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -861,7 +864,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -910,7 +913,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -930,7 +933,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -965,7 +968,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -980,7 +983,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -996,7 +999,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1019,7 +1022,7 @@ spec: properties: authToken: default: "DISABLED" - description: "`authToken` describes the way to get a token to authenticate to Loki.
- `DISABLED` does not send any token with the request.
- `FORWARD` forwards the user token for authorization.
- `HOST` [deprecated (*)] - uses the local pod service account to authenticate to Loki.
When using the Loki Operator, this must be set to `FORWARD`." + description: "`authToken` describes the way to get a token to authenticate to Loki.
\n- `DISABLED` does not send any token with the request.
\n- `FORWARD` forwards the user token for authorization.
\n- `HOST` [deprecated (*)] - uses the local pod service account to authenticate to Loki.
\nWhen using the Loki Operator, this must be set to `FORWARD`." enum: - "DISABLED" - "HOST" @@ -1054,11 +1057,11 @@ spec: description: "`minBackoff` is the initial backoff time for client connection between retries." type: "string" querierUrl: - description: "`querierURL` specifies the address of the Loki querier service, in case it is different from the Loki ingester URL. If empty, the URL value is used (assuming that the Loki ingester and querier are in the same server). When using the Loki Operator, do not set it, since ingestion and queries use the Loki gateway." + description: "`querierURL` specifies the address of the Loki querier service, in case it is different from the\nLoki ingester URL. If empty, the URL value is used (assuming that the Loki ingester\nand querier are in the same server). When using the Loki Operator, do not set it, since\ningestion and queries use the Loki gateway." type: "string" readTimeout: default: "30s" - description: "`readTimeout` is the maximum loki query total time limit. A timeout of zero means no timeout." + description: "`readTimeout` is the maximum loki query total time limit.\nA timeout of zero means no timeout." type: "string" staticLabels: additionalProperties: @@ -1084,7 +1087,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1099,7 +1102,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -1115,7 +1118,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1126,15 +1129,15 @@ spec: type: "object" type: "object" statusUrl: - description: "`statusURL` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the Loki querier URL. If empty, the `querierURL` value is used. This is useful to show error messages and some context in the frontend. When using the Loki Operator, set it to the Loki HTTP query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. `statusTLS` configuration is used when `statusUrl` is set." + description: "`statusURL` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the\nLoki querier URL. If empty, the `querierURL` value is used.\nThis is useful to show error messages and some context in the frontend.\nWhen using the Loki Operator, set it to the Loki HTTP query frontend service, for example\nhttps://loki-query-frontend-http.netobserv.svc:3100/.\n`statusTLS` configuration is used when `statusUrl` is set." type: "string" tenantID: default: "netobserv" - description: "`tenantID` is the Loki `X-Scope-OrgID` that identifies the tenant for each request. When using the Loki Operator, set it to `network`, which corresponds to a special tenant mode." + description: "`tenantID` is the Loki `X-Scope-OrgID` that identifies the tenant for each request.\nWhen using the Loki Operator, set it to `network`, which corresponds to a special tenant mode." type: "string" timeout: default: "10s" - description: "`timeout` is the maximum processor time connection / request limit. A timeout of zero means no timeout." + description: "`timeout` is the maximum processor time connection / request limit.\nA timeout of zero means no timeout." type: "string" tls: description: "TLS client configuration for Loki URL." @@ -1153,7 +1156,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1168,7 +1171,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -1184,7 +1187,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1196,7 +1199,7 @@ spec: type: "object" url: default: "http://loki:3100/" - description: "`url` is the address of an existing Loki service to push the flows to. When using the Loki Operator, set it to the Loki gateway service with the `network` tenant set in path, for example https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." + description: "`url` is the address of an existing Loki service to push the flows to. When using the Loki Operator,\nset it to the Loki gateway service with the `network` tenant set in path, for example\nhttps://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." type: "string" type: "object" namespace: @@ -1204,10 +1207,10 @@ spec: description: "Namespace where NetObserv pods are deployed." type: "string" processor: - description: "`processor` defines the settings of the component that receives the flows from the agent, enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter." + description: "`processor` defines the settings of the component that receives the flows from the agent,\nenriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter." properties: addZone: - description: "`addZone` allows availability zone awareness by labelling flows with their source and destination zones. This feature requires the \"topology.kubernetes.io/zone\" label to be set on nodes." + description: "`addZone` allows availability zone awareness by labelling flows with their source and destination zones.\nThis feature requires the \"topology.kubernetes.io/zone\" label to be set on nodes." type: "boolean" clusterName: default: "" @@ -1215,7 +1218,7 @@ spec: type: "string" conversationEndTimeout: default: "10s" - description: "`conversationEndTimeout` is the time to wait after a network flow is received, to consider the conversation ended. This delay is ignored when a FIN packet is collected for TCP flows (see `conversationTerminatingTimeout` instead)." + description: "`conversationEndTimeout` is the time to wait after a network flow is received, to consider the conversation ended.\nThis delay is ignored when a FIN packet is collected for TCP flows (see `conversationTerminatingTimeout` instead)." type: "string" conversationHeartbeatInterval: default: "30s" @@ -1226,12 +1229,12 @@ spec: description: "`conversationTerminatingTimeout` is the time to wait from detected FIN flag to end a conversation. Only relevant for TCP flows." type: "string" debug: - description: "`debug` allows setting some aspects of the internal configuration of the flow processor. This section is aimed exclusively for debugging and fine-grained performance optimizations, such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." + description: "`debug` allows setting some aspects of the internal configuration of the flow processor.\nThis section is aimed exclusively for debugging and fine-grained performance optimizations,\nsuch as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." properties: env: additionalProperties: type: "string" - description: "`env` allows passing custom environment variables to underlying components. Useful for passing some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" type: "object" dropUnusedFields: @@ -1258,7 +1261,7 @@ spec: - "Never" type: "string" kafkaConsumerAutoscaler: - description: "`kafkaConsumerAutoscaler` is the spec of a horizontal pod autoscaler to set up for `flowlogs-pipeline-transformer`, which consumes Kafka messages. This setting is ignored when Kafka is disabled." + description: "`kafkaConsumerAutoscaler` is the spec of a horizontal pod autoscaler to set up for `flowlogs-pipeline-transformer`, which consumes Kafka messages.\nThis setting is ignored when Kafka is disabled." properties: maxReplicas: default: 3 @@ -1331,6 +1334,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1401,6 +1405,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1460,6 +1465,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1526,12 +1532,12 @@ spec: type: "object" type: "array" minReplicas: - description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available." + description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler\ncan scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the\nalpha feature gate HPAScaleToZero is enabled and at least one Object or External\nmetric is configured. Scaling is active as long as at least one metric value is\navailable." format: "int32" type: "integer" status: default: "DISABLED" - description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
- `DISABLED` does not deploy an horizontal pod autoscaler.
- `ENABLED` deploys an horizontal pod autoscaler.
" + description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
\n- `DISABLED` does not deploy an horizontal pod autoscaler.
\n- `ENABLED` deploys an horizontal pod autoscaler.
" enum: - "DISABLED" - "ENABLED" @@ -1547,7 +1553,7 @@ spec: type: "integer" kafkaConsumerReplicas: default: 3 - description: "`kafkaConsumerReplicas` defines the number of replicas (pods) to start for `flowlogs-pipeline-transformer`, which consumes Kafka messages. This setting is ignored when Kafka is disabled." + description: "`kafkaConsumerReplicas` defines the number of replicas (pods) to start for `flowlogs-pipeline-transformer`, which consumes Kafka messages.\nThis setting is ignored when Kafka is disabled." format: "int32" minimum: 0.0 type: "integer" @@ -1565,7 +1571,7 @@ spec: type: "string" logTypes: default: "FLOWS" - description: "`logTypes` defines the desired record types to generate. Possible values are:
- `FLOWS` (default) to export regular network flows
- `CONVERSATIONS` to generate events for started conversations, ended conversations as well as periodic \"tick\" updates
- `ENDED_CONVERSATIONS` to generate only ended conversations events
- `ALL` to generate both network flows and all conversations events
" + description: "`logTypes` defines the desired record types to generate. Possible values are:
\n- `FLOWS` (default) to export regular network flows
\n- `CONVERSATIONS` to generate events for started conversations, ended conversations as well as periodic \"tick\" updates
\n- `ENDED_CONVERSATIONS` to generate only ended conversations events
\n- `ALL` to generate both network flows and all conversations events
" enum: - "FLOWS" - "CONVERSATIONS" @@ -1576,9 +1582,9 @@ spec: description: "`Metrics` define the processor configuration regarding metrics" properties: disableAlerts: - description: "`disableAlerts` is a list of alerts that should be disabled. Possible values are:
`NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
`NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" + description: "`disableAlerts` is a list of alerts that should be disabled.\nPossible values are:
\n`NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
\n`NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" items: - description: "Name of a processor alert. Possible values are:
- `NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
- `NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" + description: "Name of a processor alert.\nPossible values are:
\n- `NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
\n- `NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" enum: - "NetObservNoFlows" - "NetObservLokiError" @@ -1592,12 +1598,12 @@ spec: - "namespaces-flows" - "workloads-flows" - "namespaces" - description: "`ignoreTags` [deprecated (*)] is a list of tags to specify which metrics to ignore. Each metric is associated with a list of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions . Available tags are: `egress`, `ingress`, `flows`, `bytes`, `packets`, `namespaces`, `nodes`, `workloads`, `nodes-flows`, `namespaces-flows`, `workloads-flows`. Namespace-based metrics are covered by both `workloads` and `namespaces` tags, hence it is recommended to always ignore one of them (`workloads` offering a finer granularity).
Deprecation notice: use `includeList` instead." + description: "`ignoreTags` [deprecated (*)] is a list of tags to specify which metrics to ignore. Each metric is associated with a list of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions .\nAvailable tags are: `egress`, `ingress`, `flows`, `bytes`, `packets`, `namespaces`, `nodes`, `workloads`, `nodes-flows`, `namespaces-flows`, `workloads-flows`.\nNamespace-based metrics are covered by both `workloads` and `namespaces` tags, hence it is recommended to always ignore one of them (`workloads` offering a finer granularity).
\nDeprecation notice: use `includeList` instead." items: type: "string" type: "array" includeList: - description: "`includeList` is a list of metric names to specify which ones to generate. The names correspond to the names in Prometheus without the prefix. For example, `namespace_egress_packets_total` will show up as `netobserv_namespace_egress_packets_total` in Prometheus. Note that the more metrics you add, the bigger is the impact on Prometheus workload resources. Metrics enabled by default are: `namespace_flows_total`, `node_ingress_bytes_total`, `workload_ingress_bytes_total`, `namespace_drop_packets_total` (when `PacketDrop` feature is enabled), `namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled). More information, with full list of available metrics: https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md" + description: "`includeList` is a list of metric names to specify which ones to generate.\nThe names correspond to the names in Prometheus without the prefix. For example,\n`namespace_egress_packets_total` will show up as `netobserv_namespace_egress_packets_total` in Prometheus.\nNote that the more metrics you add, the bigger is the impact on Prometheus workload resources.\nMetrics enabled by default are:\n`namespace_flows_total`, `node_ingress_bytes_total`, `workload_ingress_bytes_total`, `namespace_drop_packets_total` (when `PacketDrop` feature is enabled),\n`namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled).\nMore information, with full list of available metrics: https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md" items: description: "Metric name. More information in https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md." enum: @@ -1645,7 +1651,7 @@ spec: properties: insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate.\nIf set to `true`, the `providedCaFile` field is ignored." type: "boolean" provided: description: "TLS configuration when `type` is set to `PROVIDED`." @@ -1661,7 +1667,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1681,7 +1687,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -1692,7 +1698,7 @@ spec: type: "object" type: default: "DISABLED" - description: "Select the type of TLS configuration:
- `DISABLED` (default) to not configure TLS for the endpoint. - `PROVIDED` to manually provide cert file and a key file. [Unsupported (*)]. - `AUTO` to use OpenShift auto generated certificate using annotations." + description: "Select the type of TLS configuration:
\n- `DISABLED` (default) to not configure TLS for the endpoint.\n- `PROVIDED` to manually provide cert file and a key file. [Unsupported (*)].\n- `AUTO` to use OpenShift auto generated certificate using annotations." enum: - "DISABLED" - "PROVIDED" @@ -1707,7 +1713,7 @@ spec: type: "boolean" port: default: 2055 - description: "Port of the flow collector (host port). By convention, some values are forbidden. It must be greater than 1024 and different from 4500, 4789 and 6081." + description: "Port of the flow collector (host port).\nBy convention, some values are forbidden. It must be greater than 1024 and different from\n4500, 4789 and 6081." format: "int32" maximum: 65535.0 minimum: 1025.0 @@ -1725,15 +1731,15 @@ spec: requests: cpu: "100m" memory: "100Mi" - description: "`resources` are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources` are the compute resources required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1749,7 +1755,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1758,14 +1764,14 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" subnetLabels: description: "`subnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift." properties: customLabels: - description: "`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap." + description: "`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.\nIf you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap." items: description: "SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services." properties: @@ -1780,7 +1786,7 @@ spec: type: "object" type: "array" openShiftAutoDetect: - description: "`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration." + description: "`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the\nOpenShift install configuration and the Cluster Network Operator configuration." type: "boolean" type: "object" type: "object" @@ -1791,23 +1797,23 @@ spec: conditions: description: "`conditions` represent the latest available observations of an object's state" items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -1820,7 +1826,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -1843,9 +1849,3 @@ spec: storage: false subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index 98ee37caf..06dcdf27a 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.1" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "flowcollectors.flows.netobserv.io" spec: group: "flows.netobserv.io" @@ -32,24 +32,24 @@ spec: description: "`FlowCollector` is the schema for the network flows collection API, which pilots and configures the underlying deployments." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "Defines the desired state of the FlowCollector resource.

*: the mention of \"unsupported\", or \"deprecated\" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only." + description: "Defines the desired state of the FlowCollector resource.\n

\n*: the mention of \"unsupported\", or \"deprecated\" for a feature throughout this document means that this feature\nis not officially supported by Red Hat. It might have been, for example, contributed by the community\nand accepted without a formal agreement for maintenance. The product maintainers might provide some support\nfor these features as a best effort only." properties: agent: description: "Agent configuration for flows extraction." properties: ebpf: - description: "`ebpf` describes the settings related to the eBPF-based flow reporter when `spec.agent.type` is set to `eBPF`." + description: "`ebpf` describes the settings related to the eBPF-based flow reporter when `spec.agent.type`\nis set to `eBPF`." properties: advanced: - description: "`advanced` allows setting some aspects of the internal configuration of the eBPF agent. This section is aimed mostly for debugging and fine-grained performance optimizations, such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." + description: "`advanced` allows setting some aspects of the internal configuration of the eBPF agent.\nThis section is aimed mostly for debugging and fine-grained performance optimizations,\nsuch as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." properties: affinity: description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" @@ -94,6 +94,7 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" weight: format: "int32" type: "integer" @@ -140,10 +141,12 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "nodeSelectorTerms" type: "object" + x-kubernetes-map-type: "atomic" type: "object" podAffinity: properties: @@ -175,6 +178,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -208,6 +212,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -251,6 +256,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -284,6 +290,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -325,6 +332,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -358,6 +366,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -401,6 +410,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -434,6 +444,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -449,40 +460,40 @@ spec: env: additionalProperties: type: "string" - description: "`env` allows passing custom environment variables to underlying components. Useful for passing some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default." + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" type: "object" cacheActiveTimeout: default: "5s" - description: "`cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection." + description: "`cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending.\nIncreasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load,\nhowever you can expect higher memory consumption and an increased latency in the flow collection." pattern: "^\\d+(ns|ms|s|m)?$" type: "string" cacheMaxFlows: default: 100000 - description: "`cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection." + description: "`cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows.\nIncreasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load,\nhowever you can expect higher memory consumption and an increased latency in the flow collection." format: "int32" minimum: 1.0 type: "integer" excludeInterfaces: default: - "lo" - description: "`excludeInterfaces` contains the interface names that are excluded from flow tracing. An entry enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string." + description: "`excludeInterfaces` contains the interface names that are excluded from flow tracing.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." items: type: "string" type: "array" features: - description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
- `DNSTracking`: enable the DNS tracking feature.
- `FlowRTT`: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
" + description: "List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are:
\n- `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting\nthe kernel debug filesystem, so the eBPF pod has to run as privileged.\nIf the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.
\n- `DNSTracking`: enable the DNS tracking feature.
\n- `FlowRTT`: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1.
" items: - description: "Agent feature, can be one of:
- `PacketDrop`, to track packet drops.
- `DNSTracking`, to track specific information on DNS traffic.
- `FlowRTT`, to track TCP latency.
" + description: "Agent feature, can be one of:
\n- `PacketDrop`, to track packet drops.
\n- `DNSTracking`, to track specific information on DNS traffic.
\n- `FlowRTT`, to track TCP latency.
" enum: - "PacketDrop" - "DNSTracking" @@ -498,7 +509,7 @@ spec: - "Never" type: "string" interfaces: - description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent fetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces. An entry enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string." + description: "`interfaces` contains the interface names from where flows are collected. If empty, the agent\nfetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces.\nAn entry enclosed by slashes, such as `/br-/`, is matched as a regular expression.\nOtherwise it is matched as a case-sensitive string." items: type: "string" type: "array" @@ -539,7 +550,7 @@ spec: properties: insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate.\nIf set to `true`, the `providedCaFile` field is ignored." type: "boolean" provided: description: "TLS configuration when `type` is set to `Provided`." @@ -555,7 +566,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -575,7 +586,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -586,7 +597,7 @@ spec: type: "object" type: default: "Disabled" - description: "Select the type of TLS configuration:
- `Disabled` (default) to not configure TLS for the endpoint. - `Provided` to manually provide cert file and a key file. [Unsupported (*)]. - `Auto` to use OpenShift auto generated certificate using annotations." + description: "Select the type of TLS configuration:
\n- `Disabled` (default) to not configure TLS for the endpoint.\n- `Provided` to manually provide cert file and a key file. [Unsupported (*)].\n- `Auto` to use OpenShift auto generated certificate using annotations." enum: - "Disabled" - "Provided" @@ -596,7 +607,7 @@ spec: type: "object" type: "object" privileged: - description: "Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container. If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF is in use, then you can turn on this mode for more global privileges. Some agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support." + description: "Privileged mode for the eBPF Agent container. When ignored or set to `false`, the operator sets\ngranular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container.\nIf for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF\nis in use, then you can turn on this mode for more global privileges.\nSome agent features require the privileged mode, such as packet drops tracking (see `features`) and SR-IOV support." type: "boolean" resources: default: @@ -605,15 +616,15 @@ spec: requests: cpu: "100m" memory: "50Mi" - description: "`resources` are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources` are the compute resources required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -629,7 +640,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -638,7 +649,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" sampling: @@ -649,7 +660,7 @@ spec: type: "integer" type: "object" ipfix: - description: "`ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`." + description: "`ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type`\nis set to `IPFIX`." properties: cacheActiveTimeout: default: "20s" @@ -672,7 +683,7 @@ spec: type: "object" forceSampleAll: default: false - description: "`forceSampleAll` allows disabling sampling in the IPFIX-based flow reporter. It is not recommended to sample all the traffic with IPFIX, as it might generate cluster instability. If you REALLY want to do that, set this flag to `true`. Use at your own risk. When it is set to `true`, the value of `sampling` is ignored." + description: "`forceSampleAll` allows disabling sampling in the IPFIX-based flow reporter.\nIt is not recommended to sample all the traffic with IPFIX, as it might generate cluster instability.\nIf you REALLY want to do that, set this flag to `true`. Use at your own risk.\nWhen it is set to `true`, the value of `sampling` is ignored." type: "boolean" ovnKubernetes: description: "`ovnKubernetes` defines the settings of the OVN-Kubernetes CNI, when available. This configuration is used when using OVN's IPFIX exports, without OpenShift. When using OpenShift, refer to the `clusterNetworkOperator` property instead." @@ -692,14 +703,14 @@ spec: type: "object" sampling: default: 400 - description: "`sampling` is the sampling rate on the reporter. 100 means one flow on 100 is sent. To ensure cluster stability, it is not possible to set a value below 2. If you really want to sample every packet, which might impact the cluster stability, refer to `forceSampleAll`. Alternatively, you can use the eBPF Agent instead of IPFIX." + description: "`sampling` is the sampling rate on the reporter. 100 means one flow on 100 is sent.\nTo ensure cluster stability, it is not possible to set a value below 2.\nIf you really want to sample every packet, which might impact the cluster stability,\nrefer to `forceSampleAll`. Alternatively, you can use the eBPF Agent instead of IPFIX." format: "int32" minimum: 2.0 type: "integer" type: "object" type: default: "eBPF" - description: "`type` [deprecated (*)] selects the flows tracing agent. The only possible value is `eBPF` (default), to use NetObserv eBPF agent.
Previously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
Setting `IPFIX` is ignored and still use the eBPF Agent. Since there is only a single option here, this field will be remove in a future API version." + description: "`type` [deprecated (*)] selects the flows tracing agent. The only possible value is `eBPF` (default), to use NetObserv eBPF agent.
\nPreviously, using an IPFIX collector was allowed, but was deprecated and it is now removed.
\nSetting `IPFIX` is ignored and still use the eBPF Agent.\nSince there is only a single option here, this field will be remove in a future API version." enum: - "eBPF" - "IPFIX" @@ -709,7 +720,7 @@ spec: description: "`consolePlugin` defines the settings related to the OpenShift Console plugin, when available." properties: advanced: - description: "`advanced` allows setting some aspects of the internal configuration of the console plugin. This section is aimed mostly for debugging and fine-grained performance optimizations, such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." + description: "`advanced` allows setting some aspects of the internal configuration of the console plugin.\nThis section is aimed mostly for debugging and fine-grained performance optimizations,\nsuch as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." properties: affinity: description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" @@ -754,6 +765,7 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" weight: format: "int32" type: "integer" @@ -800,10 +812,12 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "nodeSelectorTerms" type: "object" + x-kubernetes-map-type: "atomic" type: "object" podAffinity: properties: @@ -835,6 +849,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -868,6 +883,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -911,6 +927,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -944,6 +961,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -985,6 +1003,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -1018,6 +1037,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -1061,6 +1081,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -1094,6 +1115,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -1107,19 +1129,19 @@ spec: type: "object" type: "object" args: - description: "`args` allows passing custom arguments to underlying components. Useful for overriding some parameters, such as an url or a configuration path, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`args` allows passing custom arguments to underlying components. Useful for overriding\nsome parameters, such as an url or a configuration path, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." items: type: "string" type: "array" env: additionalProperties: type: "string" - description: "`env` allows passing custom environment variables to underlying components. Useful for passing some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" port: @@ -1130,11 +1152,11 @@ spec: minimum: 1.0 type: "integer" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default." + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" register: default: true - description: "`register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator. When set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command: `oc patch console.operator.openshift.io cluster --type='json' -p '[{\"op\": \"add\", \"path\": \"/spec/plugins/-\", \"value\": \"netobserv-plugin\"}]'`" + description: "`register` allows, when set to `true`, to automatically register the provided console plugin with the OpenShift Console operator.\nWhen set to `false`, you can still register it manually by editing console.operator.openshift.io/cluster with the following command:\n`oc patch console.operator.openshift.io cluster --type='json' -p '[{\"op\": \"add\", \"path\": \"/spec/plugins/-\", \"value\": \"netobserv-plugin\"}]'`" type: "boolean" type: "object" autoscaler: @@ -1211,6 +1233,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1281,6 +1304,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1340,6 +1364,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -1406,12 +1431,12 @@ spec: type: "object" type: "array" minReplicas: - description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available." + description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler\ncan scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the\nalpha feature gate HPAScaleToZero is enabled and at least one Object or External\nmetric is configured. Scaling is active as long as at least one metric value is\navailable." format: "int32" type: "integer" status: default: "Disabled" - description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
- `Disabled` does not deploy an horizontal pod autoscaler.
- `Enabled` deploys an horizontal pod autoscaler.
" + description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
\n- `Disabled` does not deploy an horizontal pod autoscaler.
\n- `Enabled` deploys an horizontal pod autoscaler.
" enum: - "Disabled" - "Enabled" @@ -1419,7 +1444,7 @@ spec: type: "object" enable: default: true - description: "Enables the console plugin deployment. `spec.loki.enable` must also be `true`" + description: "Enables the console plugin deployment.\n`spec.loki.enable` must also be `true`" type: "boolean" imagePullPolicy: default: "IfNotPresent" @@ -1453,7 +1478,7 @@ spec: portNames: additionalProperties: type: "string" - description: "`portNames` defines additional port names to use in the console, for example, `portNames: {\"3100\": \"loki\"}`." + description: "`portNames` defines additional port names to use in the console,\nfor example, `portNames: {\"3100\": \"loki\"}`." type: "object" type: "object" quickFilters: @@ -1483,7 +1508,7 @@ spec: filter: additionalProperties: type: "string" - description: "`filter` is a set of keys and values to be set when this filter is selected. Each key can relate to a list of values using a coma-separated string, for example, `filter: {\"src_namespace\": \"namespace1,namespace2\"}`." + description: "`filter` is a set of keys and values to be set when this filter is selected. Each key can relate to a list of values using a coma-separated string,\nfor example, `filter: {\"src_namespace\": \"namespace1,namespace2\"}`." type: "object" name: description: "Name of the filter, that is displayed in the Console" @@ -1506,15 +1531,15 @@ spec: requests: cpu: "100m" memory: "50Mi" - description: "`resources`, in terms of compute resources, required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources`, in terms of compute resources, required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1530,7 +1555,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1539,13 +1564,13 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" type: "object" deploymentModel: default: "Direct" - description: "`deploymentModel` defines the desired type of deployment for flow processing. Possible values are:
- `Direct` (default) to make the flow processor listening directly from the agents.
- `Kafka` to make flows sent to a Kafka pipeline before consumption by the processor.
Kafka can provide better scalability, resiliency, and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka)." + description: "`deploymentModel` defines the desired type of deployment for flow processing. Possible values are:
\n- `Direct` (default) to make the flow processor listening directly from the agents.
\n- `Kafka` to make flows sent to a Kafka pipeline before consumption by the processor.
\nKafka can provide better scalability, resiliency, and high availability (for more details, see https://www.redhat.com/en/topics/integration/what-is-apache-kafka)." enum: - "Direct" - "Kafka" @@ -1596,7 +1621,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -1616,7 +1641,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -1651,7 +1676,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1666,7 +1691,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -1682,7 +1707,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1731,7 +1756,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -1751,7 +1776,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -1786,7 +1811,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1801,7 +1826,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -1817,7 +1842,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1839,7 +1864,7 @@ spec: description: "`loki`, the flow store, client settings." properties: advanced: - description: "`advanced` allows setting some aspects of the internal configuration of the Loki clients. This section is aimed mostly for debugging and fine-grained performance optimizations." + description: "`advanced` allows setting some aspects of the internal configuration of the Loki clients.\nThis section is aimed mostly for debugging and fine-grained performance optimizations." properties: staticLabels: additionalProperties: @@ -1868,7 +1893,7 @@ spec: description: "Set `enable` to `true` to store flows in Loki. It is required for the OpenShift Console plugin installation." type: "boolean" lokiStack: - description: "Loki configuration for `LokiStack` mode. This is useful for an easy loki-operator configuration. It is ignored for other modes." + description: "Loki configuration for `LokiStack` mode. This is useful for an easy loki-operator configuration.\nIt is ignored for other modes." properties: name: default: "loki" @@ -1879,11 +1904,11 @@ spec: type: "string" type: "object" manual: - description: "Loki configuration for `Manual` mode. This is the most flexible configuration. It is ignored for other modes." + description: "Loki configuration for `Manual` mode. This is the most flexible configuration.\nIt is ignored for other modes." properties: authToken: default: "Disabled" - description: "`authToken` describes the way to get a token to authenticate to Loki.
- `Disabled` does not send any token with the request.
- `Forward` forwards the user token for authorization.
- `Host` [deprecated (*)] - uses the local pod service account to authenticate to Loki.
When using the Loki Operator, this must be set to `Forward`." + description: "`authToken` describes the way to get a token to authenticate to Loki.
\n- `Disabled` does not send any token with the request.
\n- `Forward` forwards the user token for authorization.
\n- `Host` [deprecated (*)] - uses the local pod service account to authenticate to Loki.
\nWhen using the Loki Operator, this must be set to `Forward`." enum: - "Disabled" - "Host" @@ -1891,11 +1916,11 @@ spec: type: "string" ingesterUrl: default: "http://loki:3100/" - description: "`ingesterUrl` is the address of an existing Loki ingester service to push the flows to. When using the Loki Operator, set it to the Loki gateway service with the `network` tenant set in path, for example https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." + description: "`ingesterUrl` is the address of an existing Loki ingester service to push the flows to. When using the Loki Operator,\nset it to the Loki gateway service with the `network` tenant set in path, for example\nhttps://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." type: "string" querierUrl: default: "http://loki:3100/" - description: "`querierUrl` specifies the address of the Loki querier service. When using the Loki Operator, set it to the Loki gateway service with the `network` tenant set in path, for example https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." + description: "`querierUrl` specifies the address of the Loki querier service.\nWhen using the Loki Operator, set it to the Loki gateway service with the `network` tenant set in path, for example\nhttps://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network." type: "string" statusTls: description: "TLS client configuration for Loki status URL." @@ -1914,7 +1939,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1929,7 +1954,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -1945,7 +1970,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1956,11 +1981,11 @@ spec: type: "object" type: "object" statusUrl: - description: "`statusUrl` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the Loki querier URL. If empty, the `querierUrl` value is used. This is useful to show error messages and some context in the frontend. When using the Loki Operator, set it to the Loki HTTP query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. `statusTLS` configuration is used when `statusUrl` is set." + description: "`statusUrl` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the\nLoki querier URL. If empty, the `querierUrl` value is used.\nThis is useful to show error messages and some context in the frontend.\nWhen using the Loki Operator, set it to the Loki HTTP query frontend service, for example\nhttps://loki-query-frontend-http.netobserv.svc:3100/.\n`statusTLS` configuration is used when `statusUrl` is set." type: "string" tenantID: default: "netobserv" - description: "`tenantID` is the Loki `X-Scope-OrgID` that identifies the tenant for each request. When using the Loki Operator, set it to `network`, which corresponds to a special tenant mode." + description: "`tenantID` is the Loki `X-Scope-OrgID` that identifies the tenant for each request.\nWhen using the Loki Operator, set it to `network`, which corresponds to a special tenant mode." type: "string" tls: description: "TLS client configuration for Loki URL." @@ -1979,7 +2004,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -1994,7 +2019,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -2010,7 +2035,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -2022,7 +2047,7 @@ spec: type: "object" type: "object" microservices: - description: "Loki configuration for `Microservices` mode. Use this option when Loki is installed using the microservices deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#microservices-mode). It is ignored for other modes." + description: "Loki configuration for `Microservices` mode.\nUse this option when Loki is installed using the microservices deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#microservices-mode).\nIt is ignored for other modes." properties: ingesterUrl: default: "http://loki-distributor:3100/" @@ -2053,7 +2078,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -2068,7 +2093,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -2084,7 +2109,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -2097,7 +2122,7 @@ spec: type: "object" mode: default: "Monolithic" - description: "`mode` must be set according to the installation mode of Loki:
- Use `LokiStack` when Loki is managed using the Loki Operator
- Use `Monolithic` when Loki is installed as a monolithic workload
- Use `Microservices` when Loki is installed as microservices, but without Loki Operator
- Use `Manual` if none of the options above match your setup
" + description: "`mode` must be set according to the installation mode of Loki:
\n- Use `LokiStack` when Loki is managed using the Loki Operator
\n- Use `Monolithic` when Loki is installed as a monolithic workload
\n- Use `Microservices` when Loki is installed as microservices, but without Loki Operator
\n- Use `Manual` if none of the options above match your setup
" enum: - "Manual" - "LokiStack" @@ -2105,7 +2130,7 @@ spec: - "Microservices" type: "string" monolithic: - description: "Loki configuration for `Monolithic` mode. Use this option when Loki is installed using the monolithic deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#monolithic-mode). It is ignored for other modes." + description: "Loki configuration for `Monolithic` mode.\nUse this option when Loki is installed using the monolithic deployment mode (https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/#monolithic-mode).\nIt is ignored for other modes." properties: tenantID: default: "netobserv" @@ -2128,7 +2153,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -2143,7 +2168,7 @@ spec: type: "boolean" insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate. If set to `true`, the `caCert` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the server certificate.\nIf set to `true`, the `caCert` field is ignored." type: "boolean" userCert: description: "`userCert` defines the user certificate reference and is used for mTLS (you can ignore it when using one-way TLS)" @@ -2159,7 +2184,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -2176,7 +2201,7 @@ spec: type: "object" readTimeout: default: "30s" - description: "`readTimeout` is the maximum console plugin loki query total time limit. A timeout of zero means no timeout." + description: "`readTimeout` is the maximum console plugin loki query total time limit.\nA timeout of zero means no timeout." type: "string" writeBatchSize: default: 102400 @@ -2190,7 +2215,7 @@ spec: type: "string" writeTimeout: default: "10s" - description: "`writeTimeout` is the maximum Loki time connection / request limit. A timeout of zero means no timeout." + description: "`writeTimeout` is the maximum Loki time connection / request limit.\nA timeout of zero means no timeout." type: "string" type: "object" namespace: @@ -2198,13 +2223,13 @@ spec: description: "Namespace where NetObserv pods are deployed." type: "string" processor: - description: "`processor` defines the settings of the component that receives the flows from the agent, enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter." + description: "`processor` defines the settings of the component that receives the flows from the agent,\nenriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter." properties: addZone: - description: "`addZone` allows availability zone awareness by labelling flows with their source and destination zones. This feature requires the \"topology.kubernetes.io/zone\" label to be set on nodes." + description: "`addZone` allows availability zone awareness by labelling flows with their source and destination zones.\nThis feature requires the \"topology.kubernetes.io/zone\" label to be set on nodes." type: "boolean" advanced: - description: "`advanced` allows setting some aspects of the internal configuration of the flow processor. This section is aimed mostly for debugging and fine-grained performance optimizations, such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." + description: "`advanced` allows setting some aspects of the internal configuration of the flow processor.\nThis section is aimed mostly for debugging and fine-grained performance optimizations,\nsuch as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk." properties: affinity: description: "If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling" @@ -2249,6 +2274,7 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" weight: format: "int32" type: "integer" @@ -2295,10 +2321,12 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "nodeSelectorTerms" type: "object" + x-kubernetes-map-type: "atomic" type: "object" podAffinity: properties: @@ -2330,6 +2358,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -2363,6 +2392,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -2406,6 +2436,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -2439,6 +2470,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -2480,6 +2512,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -2513,6 +2546,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -2556,6 +2590,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" matchLabelKeys: items: type: "string" @@ -2589,6 +2624,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" namespaces: items: type: "string" @@ -2603,7 +2639,7 @@ spec: type: "object" conversationEndTimeout: default: "10s" - description: "`conversationEndTimeout` is the time to wait after a network flow is received, to consider the conversation ended. This delay is ignored when a FIN packet is collected for TCP flows (see `conversationTerminatingTimeout` instead)." + description: "`conversationEndTimeout` is the time to wait after a network flow is received, to consider the conversation ended.\nThis delay is ignored when a FIN packet is collected for TCP flows (see `conversationTerminatingTimeout` instead)." type: "string" conversationHeartbeatInterval: default: "30s" @@ -2624,7 +2660,7 @@ spec: env: additionalProperties: type: "string" - description: "`env` allows passing custom environment variables to underlying components. Useful for passing some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be publicly exposed as part of the FlowCollector descriptor, as they are only useful in edge debug or support scenarios." + description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" healthPort: default: 8080 @@ -2636,18 +2672,18 @@ spec: nodeSelector: additionalProperties: type: "string" - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: "object" x-kubernetes-map-type: "atomic" port: default: 2055 - description: "Port of the flow collector (host port). By convention, some values are forbidden. It must be greater than 1024 and different from 4500, 4789 and 6081." + description: "Port of the flow collector (host port).\nBy convention, some values are forbidden. It must be greater than 1024 and different from\n4500, 4789 and 6081." format: "int32" maximum: 65535.0 minimum: 1025.0 type: "integer" priorityClassName: - description: "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default." + description: "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" profilePort: default: 6060 @@ -2670,7 +2706,7 @@ spec: - "Never" type: "string" kafkaConsumerAutoscaler: - description: "`kafkaConsumerAutoscaler` is the spec of a horizontal pod autoscaler to set up for `flowlogs-pipeline-transformer`, which consumes Kafka messages. This setting is ignored when Kafka is disabled." + description: "`kafkaConsumerAutoscaler` is the spec of a horizontal pod autoscaler to set up for `flowlogs-pipeline-transformer`, which consumes Kafka messages.\nThis setting is ignored when Kafka is disabled." properties: maxReplicas: default: 3 @@ -2743,6 +2779,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -2813,6 +2850,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -2872,6 +2910,7 @@ spec: type: "string" type: "object" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -2938,12 +2977,12 @@ spec: type: "object" type: "array" minReplicas: - description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available." + description: "`minReplicas` is the lower limit for the number of replicas to which the autoscaler\ncan scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the\nalpha feature gate HPAScaleToZero is enabled and at least one Object or External\nmetric is configured. Scaling is active as long as at least one metric value is\navailable." format: "int32" type: "integer" status: default: "Disabled" - description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
- `Disabled` does not deploy an horizontal pod autoscaler.
- `Enabled` deploys an horizontal pod autoscaler.
" + description: "`status` describes the desired status regarding deploying an horizontal pod autoscaler.
\n- `Disabled` does not deploy an horizontal pod autoscaler.
\n- `Enabled` deploys an horizontal pod autoscaler.
" enum: - "Disabled" - "Enabled" @@ -2959,7 +2998,7 @@ spec: type: "integer" kafkaConsumerReplicas: default: 3 - description: "`kafkaConsumerReplicas` defines the number of replicas (pods) to start for `flowlogs-pipeline-transformer`, which consumes Kafka messages. This setting is ignored when Kafka is disabled." + description: "`kafkaConsumerReplicas` defines the number of replicas (pods) to start for `flowlogs-pipeline-transformer`, which consumes Kafka messages.\nThis setting is ignored when Kafka is disabled." format: "int32" minimum: 0.0 type: "integer" @@ -2977,7 +3016,7 @@ spec: type: "string" logTypes: default: "Flows" - description: "`logTypes` defines the desired record types to generate. Possible values are:
- `Flows` (default) to export regular network flows
- `Conversations` to generate events for started conversations, ended conversations as well as periodic \"tick\" updates
- `EndedConversations` to generate only ended conversations events
- `All` to generate both network flows and all conversations events
" + description: "`logTypes` defines the desired record types to generate. Possible values are:
\n- `Flows` (default) to export regular network flows
\n- `Conversations` to generate events for started conversations, ended conversations as well as periodic \"tick\" updates
\n- `EndedConversations` to generate only ended conversations events
\n- `All` to generate both network flows and all conversations events
" enum: - "Flows" - "Conversations" @@ -2988,16 +3027,16 @@ spec: description: "`Metrics` define the processor configuration regarding metrics" properties: disableAlerts: - description: "`disableAlerts` is a list of alerts that should be disabled. Possible values are:
`NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
`NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" + description: "`disableAlerts` is a list of alerts that should be disabled.\nPossible values are:
\n`NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
\n`NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" items: - description: "Name of a processor alert. Possible values are:
- `NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
- `NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" + description: "Name of a processor alert.\nPossible values are:
\n- `NetObservNoFlows`, which is triggered when no flows are being observed for a certain period.
\n- `NetObservLokiError`, which is triggered when flows are being dropped due to Loki errors.
" enum: - "NetObservNoFlows" - "NetObservLokiError" type: "string" type: "array" includeList: - description: "`includeList` is a list of metric names to specify which ones to generate. The names correspond to the names in Prometheus without the prefix. For example, `namespace_egress_packets_total` shows up as `netobserv_namespace_egress_packets_total` in Prometheus. Note that the more metrics you add, the bigger is the impact on Prometheus workload resources. Metrics enabled by default are: `namespace_flows_total`, `node_ingress_bytes_total`, `workload_ingress_bytes_total`, `namespace_drop_packets_total` (when `PacketDrop` feature is enabled), `namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled). More information, with full list of available metrics: https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md" + description: "`includeList` is a list of metric names to specify which ones to generate.\nThe names correspond to the names in Prometheus without the prefix. For example,\n`namespace_egress_packets_total` shows up as `netobserv_namespace_egress_packets_total` in Prometheus.\nNote that the more metrics you add, the bigger is the impact on Prometheus workload resources.\nMetrics enabled by default are:\n`namespace_flows_total`, `node_ingress_bytes_total`, `workload_ingress_bytes_total`, `namespace_drop_packets_total` (when `PacketDrop` feature is enabled),\n`namespace_rtt_seconds` (when `FlowRTT` feature is enabled), `namespace_dns_latency_seconds` (when `DNSTracking` feature is enabled).\nMore information, with full list of available metrics: https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md" items: description: "Metric name. More information in https://github.com/netobserv/network-observability-operator/blob/main/docs/Metrics.md." enum: @@ -3045,7 +3084,7 @@ spec: properties: insecureSkipVerify: default: false - description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to `true`, the `providedCaFile` field is ignored." + description: "`insecureSkipVerify` allows skipping client-side verification of the provided certificate.\nIf set to `true`, the `providedCaFile` field is ignored." type: "boolean" provided: description: "TLS configuration when `type` is set to `Provided`." @@ -3061,7 +3100,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the certificate reference: `configmap` or `secret`" @@ -3081,7 +3120,7 @@ spec: type: "string" namespace: default: "" - description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required." + description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: description: "Type for the file reference: \"configmap\" or \"secret\"" @@ -3092,7 +3131,7 @@ spec: type: "object" type: default: "Disabled" - description: "Select the type of TLS configuration:
- `Disabled` (default) to not configure TLS for the endpoint. - `Provided` to manually provide cert file and a key file. [Unsupported (*)]. - `Auto` to use OpenShift auto generated certificate using annotations." + description: "Select the type of TLS configuration:
\n- `Disabled` (default) to not configure TLS for the endpoint.\n- `Provided` to manually provide cert file and a key file. [Unsupported (*)].\n- `Auto` to use OpenShift auto generated certificate using annotations." enum: - "Disabled" - "Provided" @@ -3112,15 +3151,15 @@ spec: requests: cpu: "100m" memory: "100Mi" - description: "`resources` are the compute resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "`resources` are the compute resources required by this container.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -3136,7 +3175,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3145,14 +3184,14 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" subnetLabels: description: "`SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift." properties: customLabels: - description: "`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services. If you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap." + description: "`customLabels` allows to customize subnets and IPs labelling, such as to identify cluster-external workloads or web services.\nIf you enable `openShiftAutoDetect`, `customLabels` can override the detected subnets in case they overlap." items: description: "SubnetLabel allows to label subnets and IPs, such as to identify cluster-external workloads or web services." properties: @@ -3167,7 +3206,7 @@ spec: type: "object" type: "array" openShiftAutoDetect: - description: "`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the OpenShift install configuration and the Cluster Network Operator configuration." + description: "`openShiftAutoDetect` allows, when set to `true`, to detect automatically the machines, pods and services subnets based on the\nOpenShift install configuration and the Cluster Network Operator configuration." type: "boolean" type: "object" type: "object" @@ -3178,23 +3217,23 @@ spec: conditions: description: "`conditions` represent the latest available observations of an object's state" items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" properties: lastTransitionTime: - description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." format: "date-time" type: "string" message: - description: "message is a human readable message indicating details about the transition. This may be an empty string." + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." maxLength: 32768 type: "string" observedGeneration: - description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." format: "int64" minimum: 0.0 type: "integer" reason: - description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 1024 minLength: 1 pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" @@ -3207,7 +3246,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -3220,7 +3259,7 @@ spec: type: "object" type: "array" namespace: - description: "Namespace where console plugin and flowlogs-pipeline have been deployed. Deprecated: annotations are used instead" + description: "Namespace where console plugin and flowlogs-pipeline have been deployed.\nDeprecated: annotations are used instead" type: "string" required: - "conditions" @@ -3230,9 +3269,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml index 432d5a66d..8000747c5 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/instrumentations.yaml @@ -718,6 +718,21 @@ spec: - "name" type: "object" type: "array" + extensions: + description: "Extensions defines java specific extensions.\nAll extensions are copied to a single directory; if a JAR with the same name exists, it will be overwritten." + items: + properties: + dir: + description: "Dir is a directory with extensions auto-instrumentation JAR." + type: "string" + image: + description: "Image is a container image with extensions auto-instrumentation JAR." + type: "string" + required: + - "dir" + - "image" + type: "object" + type: "array" image: description: "Image is a container image with javaagent auto-instrumentation JAR." type: "string" diff --git a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml index 98808ae7a..f410a7b6f 100644 --- a/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml +++ b/crd-catalog/open-telemetry/opentelemetry-operator/opentelemetry.io/v1alpha1/opentelemetrycollectors.yaml @@ -1599,7 +1599,7 @@ spec: type: "integer" type: "object" config: - description: "Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details." + description: "Config is the raw YAML to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details." type: "string" configmaps: description: "ConfigMaps is a list of ConfigMaps in the same namespace as the OpenTelemetryCollector\nobject, which shall be mounted into the Collector Pods." @@ -2995,11 +2995,15 @@ spec: ports: description: "Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator\nwill attempt to infer the required ports by parsing the .Spec." items: - description: "ServicePort contains information on service's port." + description: "PortsSpec defines the OpenTelemetryCollector's container/service ports additional specifications." properties: appProtocol: description: "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax." type: "string" + hostPort: + description: "Allows defining which port to bind to the host in the Container." + format: "int32" + type: "integer" name: description: "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names." type: "string" diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml index 00ff92bcb..bb8b8ee33 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/backupstorages.yaml @@ -46,6 +46,10 @@ spec: endpointURL: description: "EndpointURL is an endpoint URL of backup storage." type: "string" + forcePathStyle: + default: false + description: "ForcePathStyle is set to use path-style URLs.\nIf unspecified, the default value is false." + type: "boolean" region: description: "Region is a region where the bucket is located." type: "string" diff --git a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseengines.yaml b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseengines.yaml index d448076aa..c31d7445b 100644 --- a/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseengines.yaml +++ b/crd-catalog/percona/everest-operator/everest.percona.com/v1alpha1/databaseengines.yaml @@ -126,8 +126,48 @@ spec: type: "object" type: "object" type: "object" + operatorUpgrade: + description: "OperatorUpgrade contains the status of the operator upgrade.\nThis is set only if the `everest.percona.com/upgrade-operator-to` annotation is present." + properties: + installPlanRef: + description: "InstallPlanRef is a reference to the InstallPlan object created for the operator upgrade." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + message: + type: "string" + phase: + description: "UpgradePhase represents the phase of the operator upgrade." + type: "string" + startedAt: + format: "date-time" + type: "string" + targetVersion: + description: "TargetVersion is the version to which the operator should be upgraded." + type: "string" + type: "object" operatorVersion: type: "string" + pendingOperatorUpgrades: + items: + description: "OperatorUpgrade contains the information about the operator upgrade." + properties: + installPlanRef: + description: "InstallPlanRef is a reference to the InstallPlan object created for the operator upgrade." + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + targetVersion: + description: "TargetVersion is the version to which the operator should be upgraded." + type: "string" + type: "object" + type: "array" status: description: "EngineState represents state of engine in a k8s cluster." type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml index 69041b530..bb4c5e443 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml @@ -104,6 +104,10 @@ spec: type: "string" pbmPod: type: "string" + pbmPods: + additionalProperties: + type: "string" + type: "object" replsetNames: items: type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml index 2384e5409..6afe2738b 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml @@ -74,6 +74,10 @@ spec: type: "string" pbmPod: type: "string" + pbmPods: + additionalProperties: + type: "string" + type: "object" replsetNames: items: type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml index 23af1bf98..281151e37 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml @@ -7639,6 +7639,8 @@ spec: type: "string" ldapSecret: type: "string" + sse: + type: "string" ssl: type: "string" sslInternal: diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml index e8af5b35e..3c964ca2e 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml @@ -323,7 +323,7 @@ spec: type: "object" type: "object" featureFlags: - description: "FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to false and reading endpoint\ndata from the k8s endpoints." + description: "FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." items: type: "string" type: "array" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml index adab50b5d..b97bd781f 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml @@ -1668,7 +1668,7 @@ spec: type: "object" type: "object" featureFlags: - description: "FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to false and reading endpoint\ndata from the k8s endpoints." + description: "FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." items: type: "string" type: "array" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml index ea7e03f80..bcbca0404 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/alertmanagers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.13.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "alertmanagers.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -50,15 +50,15 @@ spec: description: "Alertmanager describes an Alertmanager cluster." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + description: "Specification of the desired behavior of the Alertmanager cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: additionalPeers: description: "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster." @@ -72,9 +72,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -82,16 +82,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -103,16 +103,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -133,26 +133,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -164,16 +164,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -194,7 +194,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -202,21 +202,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -228,38 +228,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -271,23 +271,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -296,26 +296,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -327,38 +327,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -370,17 +370,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -391,7 +391,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -399,21 +399,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -425,38 +425,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -468,23 +468,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -493,26 +493,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -524,38 +524,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -567,17 +567,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -586,32 +586,32 @@ spec: type: "object" type: "object" alertmanagerConfigMatcherStrategy: - description: "The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. In the future more options may be added." + description: "The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts.\nIn the future more options may be added." properties: type: default: "OnNamespace" - description: "If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. Default is `OnNamespace`." + description: "If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules.\n`None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig.\nDefault is `OnNamespace`." enum: - "OnNamespace" - "None" type: "string" type: "object" alertmanagerConfigNamespaceSelector: - description: "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace." + description: "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only\ncheck own namespace." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -623,7 +623,7 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" @@ -633,16 +633,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -654,12 +654,12 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" alertmanagerConfiguration: - description: "alertmanagerConfiguration specifies the configuration of Alertmanager. \n If defined, it takes precedence over the `configSecret` field. \n This is an *experimental feature*, it may change in any upcoming release in a breaking way." + description: "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\n\nIf defined, it takes precedence over the `configSecret` field.\n\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." properties: global: description: "Defines the global parameters of the Alertmanager configuration." @@ -668,7 +668,7 @@ spec: description: "HTTP client configuration." properties: authorization: - description: "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+." + description: "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -677,7 +677,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -687,20 +687,20 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence." + description: "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence." properties: password: - description: "`password` specifies a key of a Secret containing the password for authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -710,13 +710,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "`username` specifies a key of a Secret containing the username for authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -727,13 +727,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenSecret: - description: "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator." + description: "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the Alertmanager\nobject and accessible by the Prometheus Operator." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -749,7 +749,7 @@ spec: description: "OAuth2 client credentials used to fetch a token for the targets." properties: clientId: - description: "`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID." + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -758,7 +758,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -774,7 +774,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -785,13 +785,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" clientSecret: - description: "`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret." + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -803,7 +803,7 @@ spec: endpointParams: additionalProperties: type: "string" - description: "`endpointParams` configures the HTTP parameters to append to the token URL." + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" scopes: description: "`scopes` defines the OAuth2 scopes used for the token request." @@ -835,7 +835,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -851,7 +851,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -871,7 +871,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -887,7 +887,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -907,7 +907,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -928,7 +928,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -944,7 +944,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -957,7 +957,7 @@ spec: description: "The default Pagerduty URL." type: "string" resolveTimeout: - description: "ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt." + description: "ResolveTimeout is the default value used by alertmanager if the alert does\nnot include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated.\nThis has no impact on alerts from Prometheus, as they always include EndsAt." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" slackApiUrl: @@ -967,7 +967,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -989,7 +989,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1005,7 +1005,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1024,7 +1024,7 @@ spec: description: "The default hostname to identify to the SMTP server." type: "string" requireTLS: - description: "The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints." + description: "The default SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints." type: "boolean" smartHost: description: "The default SMTP smarthost used for sending emails." @@ -1044,7 +1044,7 @@ spec: type: "object" type: "object" name: - description: "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules." + description: "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration.\nIt must be defined in the same namespace as the Alertmanager object.\nThe operator will not enforce a `namespace` label for routes and inhibition rules." minLength: 1 type: "string" templates: @@ -1059,7 +1059,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1075,7 +1075,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1088,20 +1088,20 @@ spec: type: "array" type: "object" automountServiceAccountToken: - description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials." + description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials." type: "boolean" baseImage: - description: "Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead." + description: "Base image that is used to deploy pods, without tag.\nDeprecated: use 'image' instead." type: "string" clusterAdvertiseAddress: - description: "ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918" + description: "ClusterAdvertiseAddress is the explicit address to advertise in cluster.\nNeeds to be provided for non RFC1918 [1] (public) addresses.\n[1] RFC1918: https://tools.ietf.org/html/rfc1918" type: "string" clusterGossipInterval: description: "Interval between gossip attempts." pattern: "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" clusterLabel: - description: "Defines the identifier that uniquely identifies the Alertmanager cluster. You should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field." + description: "Defines the identifier that uniquely identifies the Alertmanager cluster.\nYou should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field." type: "string" clusterPeerTimeout: description: "Timeout for cluster peering." @@ -1112,30 +1112,30 @@ spec: pattern: "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" configMaps: - description: "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container." + description: "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container." items: type: "string" type: "array" configSecret: - description: "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to `alertmanager-`. \n The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret and mounted into the `/etc/alertmanager/config` directory in the `alertmanager` container. \n If either the secret or the `alertmanager.yaml` key is missing, the operator provisions a minimal Alertmanager configuration with one empty receiver (effectively dropping alert notifications)." + description: "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications)." type: "string" containers: - description: "Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." + description: "Containers allows injecting additional containers. This is meant to\nallow adding an authentication proxy to an Alertmanager pod.\nContainers described here modify an operator generated container if they\nshare the same name and modifications are done via a strategic merge\npatch. The current container names are: `alertmanager` and\n`config-reloader`. Overriding containers is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -1143,7 +1143,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1155,7 +1155,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1165,7 +1165,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1178,7 +1178,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1204,7 +1204,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1219,7 +1219,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -1227,7 +1227,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1241,7 +1241,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1251,22 +1251,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1275,7 +1275,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1283,7 +1283,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1300,10 +1300,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1319,7 +1319,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1328,20 +1328,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1350,7 +1350,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1358,7 +1358,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1375,10 +1375,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1394,7 +1394,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1403,7 +1403,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1411,19 +1411,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1434,7 +1434,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1443,7 +1443,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1451,7 +1451,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1468,24 +1468,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1498,45 +1498,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1547,19 +1547,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1570,7 +1570,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1579,7 +1579,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1587,7 +1587,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1604,24 +1604,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1634,17 +1634,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1654,10 +1654,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1666,15 +1666,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1690,7 +1690,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1699,20 +1699,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1728,27 +1728,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1764,48 +1764,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1816,7 +1816,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1825,7 +1825,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1833,7 +1833,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1850,24 +1850,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1880,34 +1880,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -1926,27 +1926,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1954,27 +1954,27 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" enableFeatures: - description: "Enable access to Alertmanager feature flags. By default, no features are enabled. Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. \n It requires Alertmanager >= 0.27.0." + description: "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nIt requires Alertmanager >= 0.27.0." items: type: "string" type: "array" externalUrl: - description: "The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name." + description: "The external URL the Alertmanager instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Alertmanager is not\nserved from root of a DNS name." type: "string" forceEnableClusterMode: - description: "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each." + description: "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.\nUse case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each." type: "boolean" hostAliases: description: "Pods' hostAliases configuration" items: - description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file." + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." properties: hostnames: description: "Hostnames for the above IP address." @@ -1993,10 +1993,10 @@ spec: - "ip" x-kubernetes-list-type: "map" image: - description: "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured." + description: "Image if specified has precedence over baseImage, tag and sha\ncombinations. Specifying the version is still necessary to ensure the\nPrometheus Operator knows what version of Alertmanager is being\nconfigured." type: "string" imagePullPolicy: - description: "Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." + description: "Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." enum: - "" - "Always" @@ -2004,33 +2004,33 @@ spec: - "IfNotPresent" type: "string" imagePullSecrets: - description: "An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod" + description: "An optional list of references to secrets in the same namespace\nto use for pulling prometheus and alertmanager images from registries\nsee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod" items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: - description: "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." + description: "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the Alertmanager configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator\ngenerated init containers if they share the same name and modifications are\ndone via a strategic merge patch. The current init container name is:\n`init-config-reloader`. Overriding init containers is entirely outside the\nscope of what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -2038,7 +2038,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -2050,7 +2050,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2060,7 +2060,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2073,7 +2073,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2099,7 +2099,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2114,7 +2114,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -2122,7 +2122,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2136,7 +2136,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2146,22 +2146,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2170,7 +2170,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2178,7 +2178,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2195,10 +2195,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2214,7 +2214,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2223,20 +2223,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2245,7 +2245,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2253,7 +2253,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2270,10 +2270,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2289,7 +2289,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2298,7 +2298,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -2306,19 +2306,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2329,7 +2329,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2338,7 +2338,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2346,7 +2346,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2363,24 +2363,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2393,45 +2393,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -2442,19 +2442,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2465,7 +2465,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2474,7 +2474,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2482,7 +2482,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2499,24 +2499,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2529,17 +2529,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -2549,10 +2549,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -2561,15 +2561,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2585,7 +2585,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2594,20 +2594,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2623,27 +2623,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2659,48 +2659,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2711,7 +2711,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2720,7 +2720,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2728,7 +2728,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2745,24 +2745,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2775,34 +2775,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -2821,27 +2821,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -2849,14 +2849,14 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" listenLocal: - description: "ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication." + description: "ListenLocal makes the Alertmanager server listen on loopback, so that it\ndoes not bind against the Pod IP. Note this is only for the Alertmanager\nUI, not the gossip communication." type: "boolean" logFormat: description: "Log format for Alertmanager to be configured with." @@ -2875,7 +2875,7 @@ spec: - "error" type: "string" minReadySeconds: - description: "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate." + description: "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" nodeSelector: @@ -2884,46 +2884,46 @@ spec: description: "Define which Nodes the Pods are scheduled on." type: "object" paused: - description: "If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions." + description: "If set to true all actions on the underlying managed objects are not\ngoint to be performed, except for delete actions." type: "boolean" podMetadata: - description: "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. \n The following items are reserved and cannot be overridden: * \"alertmanager\" label, set to the name of the Alertmanager instance. * \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance. * \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\". * \"app.kubernetes.io/name\" label, set to \"alertmanager\". * \"app.kubernetes.io/version\" label, set to the Alertmanager version. * \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\"." + description: "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\"." properties: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels" type: "object" name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + description: "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" type: "object" portName: default: "web" - description: "Port name used for the pods and governing service. Defaults to `web`." + description: "Port name used for the pods and governing service.\nDefaults to `web`." type: "string" priorityClassName: description: "Priority class assigned to the Pods" type: "string" replicas: - description: "Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size." + description: "Size is the expected size of the alertmanager cluster. The controller will\neventually make the size of the running cluster equal to the expected\nsize." format: "int32" type: "integer" resources: description: "Define resources requests and limits for single Pods." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2939,7 +2939,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2948,45 +2948,45 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" retention: default: "120h" - description: "Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours)." + description: "Time duration Alertmanager shall retain data for. Default is '120h',\nand must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours)." pattern: "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" routePrefix: - description: "The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`." + description: "The route prefix Alertmanager registers HTTP handlers for. This is useful,\nif using ExternalURL and a proxy is rewriting HTTP routes of a request,\nand the actual ExternalURL is still true, but the server serves requests\nunder a different route prefix. For example for use with `kubectl proxy`." type: "string" secrets: - description: "Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. Each Secret is added to the StatefulSet definition as a volume named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container." + description: "Secrets is a list of Secrets in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container." items: type: "string" type: "array" securityContext: - description: "SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext." + description: "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext." properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: - description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows." + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." type: "string" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -3002,25 +3002,25 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" sysctls: - description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows." + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: description: "Sysctl defines a kernel parameter to be set" properties: @@ -3036,70 +3036,70 @@ spec: type: "object" type: "array" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" serviceAccountName: - description: "ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods." + description: "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods." type: "string" sha: - description: "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL." + description: "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`.\nSimilar to a tag, but the SHA explicitly deploys an immutable container image.\nVersion and Tag are ignored if SHA is set.\nDeprecated: use 'image' instead. The image digest can be specified as part of the image URL." type: "string" storage: - description: "Storage is the definition of how storage will be used by the Alertmanager instances." + description: "Storage is the definition of how storage will be used by the Alertmanager\ninstances." properties: disableMountSubPath: description: "Deprecated: subPath usage will be removed in a future release." type: "boolean" emptyDir: - description: "EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" + description: "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" properties: medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" + description: "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes" properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3113,10 +3113,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3125,14 +3125,14 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -3141,7 +3141,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3150,7 +3150,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -3159,16 +3159,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3180,18 +3180,18 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -3202,13 +3202,13 @@ spec: type: "object" type: "object" volumeClaimTemplate: - description: "Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes." + description: "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: description: "EmbeddedMetadata contains metadata relevant to an EmbeddedResource." @@ -3216,30 +3216,30 @@ spec: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + description: "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: type: "string" - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + description: "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels" type: "object" name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + description: "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" type: "object" spec: - description: "Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3253,10 +3253,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3265,14 +3265,14 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -3281,7 +3281,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3290,7 +3290,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -3299,16 +3299,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3320,18 +3320,18 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -3341,15 +3341,15 @@ spec: description: "Deprecated: this field is never set." properties: accessModes: - description: "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" allocatedResourceStatuses: additionalProperties: - description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it." + description: "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it." type: "string" - description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" x-kubernetes-map-type: "granular" allocatedResources: @@ -3359,7 +3359,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." + description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: "object" capacity: additionalProperties: @@ -3371,7 +3371,7 @@ spec: description: "capacity represents the actual resources of the underlying volume." type: "object" conditions: - description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'." + description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'." items: description: "PersistentVolumeClaimCondition contains details about state of pvc" properties: @@ -3387,7 +3387,7 @@ spec: description: "message is the human-readable message indicating details about last transition." type: "string" reason: - description: "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized." + description: "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"ResizeStarted\" that means the underlying\npersistent volume is being resized." type: "string" status: type: "string" @@ -3400,13 +3400,13 @@ spec: type: "object" type: "array" currentVolumeAttributesClassName: - description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature." + description: "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature." type: "string" modifyVolumeStatus: - description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature." + description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature." properties: status: - description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." + description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately." type: "string" targetVolumeAttributesClassName: description: "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled" @@ -3421,28 +3421,28 @@ spec: type: "object" type: "object" tag: - description: "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL." + description: "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`.\nVersion is ignored if Tag is set.\nDeprecated: use 'image' instead. The image tag can be specified as part of the image URL." type: "string" tolerations: description: "If specified, the pod's tolerations." items: - description: "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator ." + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." properties: effect: - description: "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." type: "string" key: - description: "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys." + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." type: "string" operator: - description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category." + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." type: "string" tolerationSeconds: - description: "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system." + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." format: "int64" type: "integer" value: - description: "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string." + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." type: "string" type: "object" type: "array" @@ -3452,21 +3452,21 @@ spec: description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." properties: labelSelector: - description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3478,35 +3478,35 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: - description: "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field." + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." type: "string" whenUnsatisfiable: - description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field." + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." type: "string" required: - "maxSkew" @@ -3518,27 +3518,27 @@ spec: description: "Version the cluster should be on." type: "string" volumeMounts: - description: "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects." + description: "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the alertmanager container,\nthat are generated as a result of StorageSpec objects." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -3546,25 +3546,25 @@ spec: type: "object" type: "array" volumes: - description: "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects." + description: "Volumes allows configuration of additional volumes on the output StatefulSet definition.\nVolumes specified will be appended to other volumes that are generated as a result of\nStorageSpec objects." items: description: "Volume represents a named volume in a pod that may be accessed by any container in the pod." properties: awsElasticBlockStore: - description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." format: "int32" type: "integer" readOnly: - description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "boolean" volumeID: - description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" required: - "volumeID" @@ -3582,13 +3582,13 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: - description: "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: - "diskName" @@ -3598,7 +3598,7 @@ spec: description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod." properties: readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretName: description: "secretName is the name of secret that contains Azure Storage Account Name and Key" @@ -3614,7 +3614,7 @@ spec: description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" properties: monitors: - description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" items: type: "string" type: "array" @@ -3622,44 +3622,44 @@ spec: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "boolean" secretFile: - description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" secretRef: - description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + description: "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" type: "string" required: - "monitors" type: "object" cinder: - description: "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "boolean" secretRef: - description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeID: - description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + description: "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" type: "string" required: - "volumeID" @@ -3668,11 +3668,11 @@ spec: description: "configMap represents a configMap that should populate this volume" properties: defaultMode: - description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -3680,11 +3680,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -3692,7 +3692,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3703,26 +3703,26 @@ spec: description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." properties: driver: - description: "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster." + description: "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." type: "string" fsType: - description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply." + description: "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." type: "string" nodePublishSecretRef: - description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" readOnly: - description: "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)." + description: "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." type: "boolean" volumeAttributes: additionalProperties: type: "string" - description: "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values." + description: "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." type: "object" required: - "driver" @@ -3731,7 +3731,7 @@ spec: description: "downwardAPI represents downward API about the pod that should populate this volume" properties: defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: @@ -3753,14 +3753,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -3785,41 +3785,41 @@ spec: type: "array" type: "object" emptyDir: - description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" properties: medium: - description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" type: "string" sizeLimit: anyOf: - type: "integer" - type: "string" - description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + description: "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." properties: metadata: - description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." type: "object" spec: - description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + description: "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." properties: accessModes: - description: "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" items: type: "string" type: "array" dataSource: - description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3833,10 +3833,10 @@ spec: type: "object" x-kubernetes-map-type: "atomic" dataSourceRef: - description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." properties: apiGroup: - description: "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required." + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." type: "string" kind: description: "Kind is the type of resource being referenced" @@ -3845,14 +3845,14 @@ spec: description: "Name is the name of resource being referenced" type: "string" namespace: - description: "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + description: "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." type: "string" required: - "kind" - "name" type: "object" resources: - description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + description: "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" properties: limits: additionalProperties: @@ -3861,7 +3861,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -3870,7 +3870,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" selector: @@ -3879,16 +3879,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -3900,18 +3900,18 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" storageClassName: - description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: - description: "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec." + description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." type: "string" volumeName: description: "volumeName is the binding reference to the PersistentVolume backing this claim." @@ -3925,14 +3925,14 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" lun: description: "lun is Optional: FC target lun number" format: "int32" type: "integer" readOnly: - description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" targetWWNs: description: "targetWWNs is Optional: FC target worldwide names (WWNs)" @@ -3940,19 +3940,19 @@ spec: type: "string" type: "array" wwids: - description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" type: "object" flexVolume: - description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." properties: driver: description: "driver is the name of the driver to use for this volume." type: "string" fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." type: "string" options: additionalProperties: @@ -3960,13 +3960,13 @@ spec: description: "options is Optional: this field holds extra command options if any." type: "object" readOnly: - description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3977,36 +3977,36 @@ spec: description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" properties: datasetName: - description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated" + description: "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" type: "string" datasetUUID: description: "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" type: "string" type: "object" gcePersistentDisk: - description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" partition: - description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" format: "int32" type: "integer" pdName: - description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "boolean" required: - "pdName" type: "object" gitRepo: - description: "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + description: "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." properties: directory: - description: "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name." + description: "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." type: "string" repository: description: "repository is the URL" @@ -4018,35 +4018,35 @@ spec: - "repository" type: "object" glusterfs: - description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" properties: endpoints: - description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" path: - description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "string" readOnly: - description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" type: "boolean" required: - "endpoints" - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." properties: path: - description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" type: - description: "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + description: "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" type: "string" required: - "path" type: "object" iscsi: - description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: chapAuthDiscovery: description: "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" @@ -4055,39 +4055,39 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" initiatorName: - description: "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection." + description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." type: "string" iqn: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: - description: "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)." + description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: description: "lun represents iSCSI Target Lun number." format: "int32" type: "integer" portals: - description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." items: type: "string" type: "array" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false." + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" secretRef: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" targetPortal: - description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)." + description: "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." type: "string" required: - "iqn" @@ -4095,32 +4095,32 @@ spec: - "targetPortal" type: "object" name: - description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" nfs: - description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" properties: path: - description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" readOnly: - description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "boolean" server: - description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + description: "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" type: "string" required: - "path" - "server" type: "object" persistentVolumeClaim: - description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" properties: claimName: - description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" type: "string" readOnly: - description: "readOnly Will force the ReadOnly setting in VolumeMounts. Default false." + description: "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." type: "boolean" required: - "claimName" @@ -4129,7 +4129,7 @@ spec: description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" pdID: description: "pdID is the ID that identifies Photon Controller persistent disk" @@ -4141,10 +4141,10 @@ spec: description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" properties: fsType: - description: "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" volumeID: description: "volumeID uniquely identifies a Portworx volume" @@ -4156,7 +4156,7 @@ spec: description: "projected items for all in one resources secrets, configmaps, and downward API" properties: defaultMode: - description: "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" sources: @@ -4165,24 +4165,24 @@ spec: description: "Projection that may be projected along with other supported volume types" properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. \n Alpha, gated by the ClusterTrustBundleProjection feature gate. \n ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. \n Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: - description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -4194,21 +4194,21 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" name: - description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector." + description: "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector." type: "string" optional: - description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles." + description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles." type: "boolean" path: description: "Relative path from the volume root to write the bundle." type: "string" signerName: - description: "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated." + description: "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated." type: "string" required: - "path" @@ -4217,7 +4217,7 @@ spec: description: "configMap information about the configMap data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4225,11 +4225,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4237,7 +4237,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4266,14 +4266,14 @@ spec: type: "object" x-kubernetes-map-type: "atomic" mode: - description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" type: "string" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -4301,7 +4301,7 @@ spec: description: "secret information about the secret data to project" properties: items: - description: "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4309,11 +4309,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4321,7 +4321,7 @@ spec: type: "object" type: "array" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4332,14 +4332,14 @@ spec: description: "serviceAccountToken is information about the serviceAccountToken data to project" properties: audience: - description: "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver." + description: "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." type: "string" expirationSeconds: - description: "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes." + description: "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." format: "int64" type: "integer" path: - description: "path is the path relative to the mount point of the file to project the token into." + description: "path is the path relative to the mount point of the file to project the\ntoken into." type: "string" required: - "path" @@ -4351,19 +4351,19 @@ spec: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" properties: group: - description: "group to map volume access to Default is no group" + description: "group to map volume access to\nDefault is no group" type: "string" readOnly: - description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false." + description: "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." type: "boolean" registry: - description: "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes" + description: "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" type: "string" tenant: - description: "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin" + description: "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" type: "string" user: - description: "user to map volume access to Defaults to serivceaccount user" + description: "user to map volume access to\nDefaults to serivceaccount user" type: "string" volume: description: "volume is a string that references an already created Quobyte volume by name." @@ -4373,38 +4373,38 @@ spec: - "volume" type: "object" rbd: - description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" type: "string" image: - description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: - description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: - description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" items: type: "string" type: "array" pool: - description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: - description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "boolean" secretRef: - description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: - description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: - "image" @@ -4414,7 +4414,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: description: "gateway is the host address of the ScaleIO API Gateway." @@ -4423,13 +4423,13 @@ spec: description: "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." type: "string" readOnly: - description: "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4437,7 +4437,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: - description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned." + description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: description: "storagePool is the ScaleIO Storage Pool associated with the protection domain." @@ -4446,7 +4446,7 @@ spec: description: "system is the name of the storage system as configured in ScaleIO." type: "string" volumeName: - description: "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source." + description: "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." type: "string" required: - "gateway" @@ -4454,14 +4454,14 @@ spec: - "system" type: "object" secret: - description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" properties: defaultMode: - description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" items: - description: "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'." + description: "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." items: description: "Maps a string key to a path within a volume." properties: @@ -4469,11 +4469,11 @@ spec: description: "key is the key to project." type: "string" mode: - description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + description: "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." format: "int32" type: "integer" path: - description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'." + description: "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." type: "string" required: - "key" @@ -4484,38 +4484,38 @@ spec: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" secretName: - description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + description: "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" type: "string" type: "object" storageos: description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." properties: fsType: - description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" readOnly: - description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." + description: "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" secretRef: - description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" volumeName: - description: "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace." + description: "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." type: "string" volumeNamespace: - description: "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created." + description: "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." type: "string" type: "object" vsphereVolume: description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" properties: fsType: - description: "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + description: "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" storagePolicyID: description: "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." @@ -4537,7 +4537,7 @@ spec: description: "Defines the web command line flags when starting Alertmanager." properties: getConcurrency: - description: "Maximum number of GET requests processed concurrently. This corresponds to the Alertmanager's `--web.get-concurrency` flag." + description: "Maximum number of GET requests processed concurrently. This corresponds to the\nAlertmanager's `--web.get-concurrency` flag." format: "int32" type: "integer" httpConfig: @@ -4547,34 +4547,34 @@ spec: description: "List of headers that can be added to HTTP responses." properties: contentSecurityPolicy: - description: "Set the Content-Security-Policy header to HTTP responses. Unset if blank." + description: "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank." type: "string" strictTransportSecurity: - description: "Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" + description: "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" type: "string" xContentTypeOptions: - description: "Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options" + description: "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options" enum: - "" - "NoSniff" type: "string" xFrameOptions: - description: "Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" + description: "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" enum: - "" - "Deny" - "SameOrigin" type: "string" xXSSProtection: - description: "Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection" + description: "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection" type: "string" type: "object" http2: - description: "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered." + description: "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered." type: "boolean" type: "object" timeout: - description: "Timeout for HTTP requests. This corresponds to the Alertmanager's `--web.timeout` flag." + description: "Timeout for HTTP requests. This corresponds to the Alertmanager's\n`--web.timeout` flag." format: "int32" type: "integer" tlsConfig: @@ -4590,7 +4590,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4606,7 +4606,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4617,12 +4617,12 @@ spec: x-kubernetes-map-type: "atomic" type: "object" cipherSuites: - description: "List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants" + description: "List of supported cipher suites for TLS versions up to TLS 1.2. If empty,\nGo default cipher suites are used. Available cipher suites are documented\nin the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants" items: type: "string" type: "array" clientAuthType: - description: "Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType" + description: "Server policy for client authentication. Maps to ClientAuth Policies.\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType" type: "string" client_ca: description: "Contains the CA certificate for client certificate authentication to the server." @@ -4634,7 +4634,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4650,7 +4650,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4661,7 +4661,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" curvePreferences: - description: "Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID" + description: "Elliptic curves that will be used in an ECDHE handshake, in preference\norder. Available curves are documented in the go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID" items: type: "string" type: "array" @@ -4672,7 +4672,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4688,7 +4688,7 @@ spec: description: "Minimum TLS version that is acceptable. Defaults to TLS12." type: "string" preferServerCipherSuites: - description: "Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used." + description: "Controls whether the server selects the\nclient's most preferred cipher suite, or the server's most preferred\ncipher suite. If true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used." type: "boolean" required: - "cert" @@ -4697,16 +4697,16 @@ spec: type: "object" type: "object" status: - description: "Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + description: "Most recent observed status of the Alertmanager cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: availableReplicas: - description: "Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster." + description: "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Alertmanager cluster." format: "int32" type: "integer" conditions: description: "The current state of the Alertmanager object." items: - description: "Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource." + description: "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource." properties: lastTransitionTime: description: "lastTransitionTime is the time of the last update to the current status property." @@ -4716,7 +4716,7 @@ spec: description: "Human-readable message indicating details for the condition's last transition." type: "string" observedGeneration: - description: "ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance." + description: "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance." format: "int64" type: "integer" reason: @@ -4738,10 +4738,10 @@ spec: - "type" x-kubernetes-list-type: "map" paused: - description: "Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed." + description: "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed." type: "boolean" replicas: - description: "Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector)." + description: "Total number of non-terminated pods targeted by this Alertmanager\nobject (their labels match the selector)." format: "int32" type: "integer" unavailableReplicas: @@ -4749,7 +4749,7 @@ spec: format: "int32" type: "integer" updatedReplicas: - description: "Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec." + description: "Total number of non-terminated pods targeted by this Alertmanager\nobject that have the desired version spec." format: "int32" type: "integer" required: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml index 31a744c49..b2310d03c 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.13.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "podmonitors.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -23,10 +23,10 @@ spec: description: "PodMonitor defines monitoring for a set of pods." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -34,40 +34,40 @@ spec: description: "Specification of desired Pod selection for target discovery by Prometheus." properties: attachMetadata: - description: "`attachMetadata` defines additional metadata which is added to the discovered targets. \n It requires Prometheus >= v2.37.0." + description: "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\n\nIt requires Prometheus >= v2.37.0." properties: node: - description: "When set to true, Prometheus must have the `get` permission on the `Nodes` objects." + description: "When set to true, Prometheus must have the `get` permission on the\n`Nodes` objects." type: "boolean" type: "object" bodySizeLimit: - description: "When defined, bodySizeLimit specifies a job level limit on the size of uncompressed response body that will be accepted by Prometheus. \n It requires Prometheus >= v2.28.0." + description: "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\n\nIt requires Prometheus >= v2.28.0." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" jobLabel: - description: "The label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. \n For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"` label to all ingested metrics. \n If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `/`)." + description: "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`)." type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample. \n It requires Prometheus >= v2.27.0." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample. \n It requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample. \n It requires Prometheus >= v2.27.0." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" namespaceSelector: - description: "Selector to select which namespaces the Kubernetes `Pods` objects are discovered from." + description: "Selector to select which namespaces the Kubernetes `Pods` objects\nare discovered from." properties: any: - description: "Boolean describing whether all namespaces are selected in contrast to a list restricting them." + description: "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them." type: "boolean" matchNames: description: "List of namespace names to select from." @@ -78,10 +78,10 @@ spec: podMetricsEndpoints: description: "List of endpoints part of this PodMonitor." items: - description: "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus." + description: "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus." properties: authorization: - description: "`authorization` configures the Authorization header credentials to use when scraping the target. \n Cannot be set at the same time as `basicAuth`, or `oauth2`." + description: "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -90,7 +90,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -100,20 +100,20 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "`basicAuth` configures the Basic Authentication credentials to use when scraping the target. \n Cannot be set at the same time as `authorization`, or `oauth2`." + description: "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\n\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: - description: "`password` specifies a key of a Secret containing the password for authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -123,13 +123,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "`username` specifies a key of a Secret containing the username for authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -140,13 +140,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenSecret: - description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. \n Deprecated: use `authorization` instead." + description: "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\n\nDeprecated: use `authorization` instead." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -159,29 +159,29 @@ spec: description: "`enableHttp2` can be used to disable HTTP2 when scraping the target." type: "boolean" filterRunning: - description: "When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. \n If unset, the filtering is enabled. \n More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" + description: "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\n\nIf unset, the filtering is enabled.\n\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: "boolean" followRedirects: - description: "`followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects." + description: "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects." type: "boolean" honorLabels: - description: "When true, `honorLabels` preserves the metric's labels when they collide with the target's labels." + description: "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels." type: "boolean" honorTimestamps: - description: "`honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target." + description: "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target." type: "boolean" interval: - description: "Interval at which Prometheus scrapes the metrics from the target. \n If empty, Prometheus uses the global scrape interval." + description: "Interval at which Prometheus scrapes the metrics from the target.\n\n\nIf empty, Prometheus uses the global scrape interval." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" metricRelabelings: - description: "`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion." + description: "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -207,35 +207,35 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" oauth2: - description: "`oauth2` configures the OAuth2 settings to use when scraping the target. \n It requires Prometheus >= 2.27.0. \n Cannot be set at the same time as `authorization`, or `basicAuth`." + description: "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\n\nIt requires Prometheus >= 2.27.0.\n\n\nCannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: - description: "`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID." + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -244,7 +244,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -260,7 +260,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -271,13 +271,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" clientSecret: - description: "`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret." + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -289,7 +289,7 @@ spec: endpointParams: additionalProperties: type: "string" - description: "`endpointParams` configures the HTTP parameters to append to the token URL." + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" scopes: description: "`scopes` defines the OAuth2 scopes used for the token request." @@ -313,22 +313,22 @@ spec: description: "`params` define optional HTTP URL parameters." type: "object" path: - description: "HTTP path from which to scrape for metrics. \n If empty, Prometheus uses the default value (e.g. `/metrics`)." + description: "HTTP path from which to scrape for metrics.\n\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the Pod port which this endpoint refers to. \n It takes precedence over `targetPort`." + description: "Name of the Pod port which this endpoint refers to.\n\n\nIt takes precedence over `targetPort`." type: "string" proxyUrl: - description: "`proxyURL` configures the HTTP Proxy URL (e.g. \"http://proxyserver:2195\") to go through when scraping the target." + description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" relabelings: - description: "`relabelings` configures the relabeling rules to apply the target's metadata labels. \n The Operator automatically adds relabelings for a few standard Kubernetes fields. \n The original scrape job's name is available via the `__tmp_prometheus_job_name` label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -354,45 +354,45 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" scheme: - description: "HTTP scheme to use for scraping. \n `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. \n If empty, Prometheus uses the default value `http`." + description: "HTTP scheme to use for scraping.\n\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\n\nIf empty, Prometheus uses the default value `http`." enum: - "http" - "https" type: "string" scrapeTimeout: - description: "Timeout after which Prometheus considers the scrape to be failed. \n If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used." + description: "Timeout after which Prometheus considers the scrape to be failed.\n\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetPort: anyOf: - type: "integer" - type: "string" - description: "Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. \n Deprecated: use 'port' instead." + description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\n\nDeprecated: use 'port' instead." x-kubernetes-int-or-string: true tlsConfig: description: "TLS configuration to use when scraping the target." @@ -407,7 +407,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -423,7 +423,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -443,7 +443,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -459,7 +459,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -479,7 +479,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -493,17 +493,17 @@ spec: type: "string" type: "object" trackTimestampsStaleness: - description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. \n It requires Prometheus >= v2.48.0." + description: "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\n\nIt requires Prometheus >= v2.48.0." type: "boolean" type: "object" type: "array" podTargetLabels: - description: "`podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics." + description: "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics." items: type: "string" type: "array" sampleLimit: - description: "`sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted." + description: "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted." format: "int64" type: "integer" scrapeClass: @@ -511,9 +511,9 @@ spec: minLength: 1 type: "string" scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). \n If unset, Prometheus uses its default value. \n It requires Prometheus >= v2.49.0." + description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" @@ -528,16 +528,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -549,12 +549,12 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" targetLimit: - description: "`targetLimit` defines a limit on the number of scraped targets that will be accepted." + description: "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted." format: "int64" type: "integer" required: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml index 53b0d755d..b67119cd3 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.13.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "probes.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -23,10 +23,10 @@ spec: description: "Probe defines monitoring for a set of static targets or ingresses." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -43,7 +43,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -53,20 +53,20 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint" + description: "BasicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint" properties: password: - description: "`password` specifies a key of a Secret containing the password for authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -76,13 +76,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "`username` specifies a key of a Secret containing the username for authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -93,13 +93,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenSecret: - description: "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator." + description: "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -109,36 +109,36 @@ spec: type: "object" x-kubernetes-map-type: "atomic" interval: - description: "Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used." + description: "Interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" jobName: description: "The job name assigned to scraped metrics by default." type: "string" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer." format: "int64" type: "integer" metricRelabelings: description: "MetricRelabelConfigs to apply to samples before ingestion." items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -164,38 +164,38 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" module: - description: "The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml" + description: "The module to use for probing specifying how to probe the target.\nExample module configuring in the blackbox exporter:\nhttps://github.com/prometheus/blackbox_exporter/blob/master/example.yml" type: "string" oauth2: description: "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer." properties: clientId: - description: "`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID." + description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." properties: configMap: description: "ConfigMap containing data to use for the targets." @@ -204,7 +204,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -220,7 +220,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -231,13 +231,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" clientSecret: - description: "`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret." + description: "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -249,7 +249,7 @@ spec: endpointParams: additionalProperties: type: "string" - description: "`endpointParams` configures the HTTP parameters to append to the token URL." + description: "`endpointParams` configures the HTTP parameters to append to the token\nURL." type: "object" scopes: description: "`scopes` defines the OAuth2 scopes used for the token request." @@ -266,17 +266,17 @@ spec: - "tokenUrl" type: "object" prober: - description: "Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty." + description: "Specification for the prober to use for probing targets.\nThe prober.URL parameter is required. Targets cannot be probed if left empty." properties: path: default: "/probe" - description: "Path to collect metrics from. Defaults to `/probe`." + description: "Path to collect metrics from.\nDefaults to `/probe`." type: "string" proxyUrl: description: "Optional ProxyURL." type: "string" scheme: - description: "HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`." + description: "HTTP scheme to use for scraping.\n`http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling.\nIf empty, Prometheus uses the default value `http`." enum: - "http" - "https" @@ -296,9 +296,9 @@ spec: minLength: 1 type: "string" scrapeProtocols: - description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the protocols supported by Prometheus in order of preference (from most to least preferred). \n If unset, Prometheus uses its default value. \n It requires Prometheus >= v2.49.0." + description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\n\nIf unset, Prometheus uses its default value.\n\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. Supported values are: * `OpenMetricsText0.0.1` * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" @@ -308,7 +308,7 @@ spec: type: "array" x-kubernetes-list-type: "set" scrapeTimeout: - description: "Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used." + description: "Timeout for scraping metrics from the Prometheus exporter.\nIf not specified, the Prometheus global scrape timeout is used." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" targetLimit: @@ -319,13 +319,13 @@ spec: description: "Targets defines a set of static or dynamically discovered targets to probe." properties: ingress: - description: "ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence." + description: "ingress defines the Ingress objects to probe and the relabeling\nconfiguration.\nIf `staticConfig` is also defined, `staticConfig` takes precedence." properties: namespaceSelector: description: "From which namespaces to select Ingress objects." properties: any: - description: "Boolean describing whether all namespaces are selected in contrast to a list restricting them." + description: "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them." type: "boolean" matchNames: description: "List of namespace names to select from." @@ -334,13 +334,13 @@ spec: type: "array" type: "object" relabelingConfigs: - description: "RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -366,27 +366,27 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -396,16 +396,16 @@ spec: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -417,13 +417,13 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" type: "object" staticConfig: - description: "staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config." + description: "staticConfig defines the static list of targets to probe and the\nrelabeling configuration.\nIf `ingress` is also defined, `staticConfig` takes precedence.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config." properties: labels: additionalProperties: @@ -431,13 +431,13 @@ spec: description: "Labels assigned to all metrics scraped from the targets." type: "object" relabelingConfigs: - description: "RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: "replace" - description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" + description: "Action to perform based on the regex matching.\n\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\n\nDefault: \"Replace\"" enum: - "replace" - "Replace" @@ -463,27 +463,27 @@ spec: - "DropEqual" type: "string" modulus: - description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." + description: "Modulus to take of the hash of the source label values.\n\n\nOnly applicable when the action is `HashMod`." format: "int64" type: "integer" regex: description: "Regular expression against which the extracted value is matched." type: "string" replacement: - description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." + description: "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\n\nRegex capture groups are available." type: "string" separator: description: "Separator is the string between concatenated SourceLabels." type: "string" sourceLabels: - description: "The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression." + description: "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression." items: - description: "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores." + description: "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores." pattern: "^[a-zA-Z_][a-zA-Z0-9_]*$" type: "string" type: "array" targetLabel: - description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." + description: "Label to which the resulting string is written in a replacement.\n\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\n\nRegex capture groups are available." type: "string" type: "object" type: "array" @@ -507,7 +507,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -523,7 +523,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -543,7 +543,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -559,7 +559,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -579,7 +579,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml index 4a162d3e6..9f33ed549 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.13.0" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "prometheuses.monitoring.coreos.com" spec: group: "monitoring.coreos.com" @@ -50,24 +50,24 @@ spec: description: "Prometheus defines a Prometheus deployment." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + description: "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: additionalAlertManagerConfigs: - description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade." + description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -77,13 +77,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" additionalAlertRelabelConfigs: - description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade." + description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\n\nThe user is responsible for making sure that the configurations are valid\n\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -93,7 +93,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" additionalArgs: - description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container. \n It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. \n In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged." + description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged." items: description: "Argument as part of the AdditionalArgs list." properties: @@ -109,13 +109,13 @@ spec: type: "object" type: "array" additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade." + description: "AdditionalScrapeConfigs allows specifying a key of a Secret containing\nadditional Prometheus scrape configurations. Scrape configurations\nspecified are appended to the configurations generated by the Prometheus\nOperator. Job configurations specified must have the form as specified\nin the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.\nAs scrape configs are appended, the user is responsible to make sure it\nis valid. Note that using this feature may expose the possibility to\nbreak upgrades of Prometheus. It is advised to review Prometheus release\nnotes to ensure that no incompatible scrape configs are going to break\nPrometheus after the upgrade." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -131,9 +131,9 @@ spec: description: "Describes node affinity scheduling rules for the pod." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." items: - description: "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." properties: preference: description: "A node selector term, associated with the corresponding weight." @@ -141,16 +141,16 @@ spec: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -162,16 +162,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -192,26 +192,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -223,16 +223,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -253,7 +253,7 @@ spec: description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -261,21 +261,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -287,38 +287,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -330,23 +330,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -355,26 +355,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -386,38 +386,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -429,17 +429,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -450,7 +450,7 @@ spec: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." properties: preferredDuringSchedulingIgnoredDuringExecution: - description: "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred." + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." items: description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" properties: @@ -458,21 +458,21 @@ spec: description: "Required. A pod affinity term, associated with the corresponding weight." properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -484,38 +484,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -527,23 +527,23 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" type: "object" weight: - description: "weight associated with matching the corresponding podAffinityTerm, in the range 1-100." + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." format: "int32" type: "integer" required: @@ -552,26 +552,26 @@ spec: type: "object" type: "array" requiredDuringSchedulingIgnoredDuringExecution: - description: "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied." + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: - description: "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running" + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" properties: labelSelector: - description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -583,38 +583,38 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" namespaceSelector: - description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -626,17 +626,17 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" x-kubernetes-map-type: "atomic" namespaces: - description: "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." items: type: "string" type: "array" topologyKey: - description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed." + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" required: - "topologyKey" @@ -650,13 +650,13 @@ spec: alertmanagers: description: "AlertmanagerEndpoints Prometheus should fire alerts against." items: - description: "AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against." + description: "AlertmanagerEndpoints defines a selection of a single Endpoints object\ncontaining Alertmanager IPs to fire alerts against." properties: apiVersion: - description: "Version of the Alertmanager API that Prometheus uses to send alerts. It can be \"v1\" or \"v2\"." + description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"v1\" or \"v2\"." type: "string" authorization: - description: "Authorization section for Alertmanager. \n Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." + description: "Authorization section for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -665,7 +665,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -675,20 +675,20 @@ spec: type: "object" x-kubernetes-map-type: "atomic" type: - description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for Alertmanager. \n Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`." + description: "BasicAuth configuration for Alertmanager.\n\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`." properties: password: - description: "`password` specifies a key of a Secret containing the password for authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -698,13 +698,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "`username` specifies a key of a Secret containing the username for authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -715,7 +715,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerTokenFile: - description: "File to read bearer token for Alertmanager. \n Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. \n Deprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File to read bearer token for Alertmanager.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" enableHttp2: description: "Whether to enable HTTP2." @@ -739,16 +739,16 @@ spec: description: "Scheme to use when firing alerts." type: "string" sigv4: - description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL. \n It requires Prometheus >= v2.48.0. \n Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`." + description: "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\n\nIt requires Prometheus >= v2.48.0.\n\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`." properties: accessKey: - description: "AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used." + description: "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -767,13 +767,13 @@ spec: description: "RoleArn is the named AWS profile used to authenticate." type: "string" secretKey: - description: "SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used." + description: "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -800,7 +800,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -816,7 +816,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -839,7 +839,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -855,7 +855,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -881,7 +881,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -904,13 +904,13 @@ spec: - "alertmanagers" type: "object" allowOverlappingBlocks: - description: "AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. \n Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default." + description: "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default." type: "boolean" apiserverConfig: - description: "APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." + description: "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/." properties: authorization: - description: "Authorization section for the API server. \n Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." + description: "Authorization section for the API server.\n\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -919,7 +919,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -932,20 +932,20 @@ spec: description: "File to read a secret from, mutually exclusive with `credentials`." type: "string" type: - description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + description: "Defines the authentication type. The value is case-insensitive.\n\n\n\"Basic\" is not a supported value.\n\n\nDefault: \"Bearer\"" type: "string" type: "object" basicAuth: - description: "BasicAuth configuration for the API server. \n Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`." + description: "BasicAuth configuration for the API server.\n\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`." properties: password: - description: "`password` specifies a key of a Secret containing the password for authentication." + description: "`password` specifies a key of a Secret containing the password for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -955,13 +955,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" username: - description: "`username` specifies a key of a Secret containing the username for authentication." + description: "`username` specifies a key of a Secret containing the username for\nauthentication." properties: key: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -972,13 +972,13 @@ spec: x-kubernetes-map-type: "atomic" type: "object" bearerToken: - description: "*Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* \n Deprecated: this will be removed in a future release." + description: "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\n\nDeprecated: this will be removed in a future release." type: "string" bearerTokenFile: - description: "File to read bearer token for accessing apiserver. \n Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. \n Deprecated: this will be removed in a future release. Prefer using `authorization`." + description: "File to read bearer token for accessing apiserver.\n\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`." type: "string" host: - description: "Kubernetes API address consisting of a hostname or IP address followed by an optional port number." + description: "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number." type: "string" tlsConfig: description: "TLS Config to use for the API server." @@ -993,7 +993,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1009,7 +1009,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1032,7 +1032,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1048,7 +1048,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1074,7 +1074,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1091,7 +1091,7 @@ spec: - "host" type: "object" arbitraryFSAccessThroughSMs: - description: "When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field." + description: "When true, ServiceMonitor, PodMonitor and Probe object are forbidden to\nreference arbitrary files on the file system of the 'prometheus'\ncontainer.\nWhen a ServiceMonitor's endpoint specifies a `bearerTokenFile` value\n(e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a\nmalicious target can get access to the Prometheus service account's\ntoken in the Prometheus' scrape request. Setting\n`spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.\nUsers should instead provide the credentials using the\n`spec.bearerTokenSecret` field." properties: deny: type: "boolean" @@ -1100,31 +1100,31 @@ spec: description: "Deprecated: use 'spec.image' instead." type: "string" bodySizeLimit: - description: "BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer." + description: "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" configMaps: - description: "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container." + description: "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container." items: type: "string" type: "array" containers: - description: "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. \n The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` \n Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." + description: "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -1132,7 +1132,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -1144,7 +1144,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1154,7 +1154,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -1167,7 +1167,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -1193,7 +1193,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1208,7 +1208,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -1216,7 +1216,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1230,7 +1230,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1240,22 +1240,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1264,7 +1264,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1272,7 +1272,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1289,10 +1289,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1308,7 +1308,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1317,20 +1317,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -1339,7 +1339,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1347,7 +1347,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1364,10 +1364,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -1383,7 +1383,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -1392,7 +1392,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -1400,19 +1400,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1423,7 +1423,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1432,7 +1432,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1440,7 +1440,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1457,24 +1457,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1487,45 +1487,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -1536,19 +1536,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1559,7 +1559,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1568,7 +1568,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1576,7 +1576,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1593,24 +1593,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1623,17 +1623,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -1643,10 +1643,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -1655,15 +1655,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -1679,7 +1679,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -1688,20 +1688,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -1717,27 +1717,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -1753,48 +1753,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -1805,7 +1805,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1814,7 +1814,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -1822,7 +1822,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -1839,24 +1839,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -1869,34 +1869,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -1915,27 +1915,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -1943,7 +1943,7 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" @@ -1953,56 +1953,56 @@ spec: description: "When true, the Prometheus compaction is disabled." type: "boolean" enableAdminAPI: - description: "Enables access to the Prometheus web admin API. \n WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. \n For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" + description: "Enables access to the Prometheus web admin API.\n\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" type: "boolean" enableFeatures: - description: "Enable access to Prometheus feature flags. By default, no features are enabled. \n Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" + description: "Enable access to Prometheus feature flags. By default, no features are enabled.\n\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: minLength: 1 type: "string" type: "array" x-kubernetes-list-type: "set" enableRemoteWriteReceiver: - description: "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. \n WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver \n It requires Prometheus >= v2.33.0." + description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\n\nIt requires Prometheus >= v2.33.0." type: "boolean" enforcedBodySizeLimit: - description: "When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. \n It requires Prometheus >= v2.28.0." + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\n\nIt requires Prometheus >= v2.28.0." pattern: "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$" type: "string" enforcedKeepDroppedTargets: - description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any `spec.keepDroppedTargets` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. \n It requires Prometheus >= v2.47.0." + description: "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" enforcedLabelLimit: - description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. \n It requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" enforcedLabelNameLengthLimit: - description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. \n It requires Prometheus >= v2.27.0." + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" enforcedLabelValueLengthLimit: - description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. \n It requires Prometheus >= v2.27.0." + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\n\nIt requires Prometheus >= v2.27.0." format: "int64" type: "integer" enforcedNamespaceLabel: - description: "When not empty, a label will be added to \n 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. \n The label will not added for objects referenced in `spec.excludedFromEnforcement`. \n The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or `PrometheusRule` object." + description: "When not empty, a label will be added to\n\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe` or `PrometheusRule` object." type: "string" enforcedSampleLimit: - description: "When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than `spec.enforcedSampleLimit`. \n It is meant to be used by admins to keep the overall number of samples/series under a desired limit." + description: "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit." format: "int64" type: "integer" enforcedTargetLimit: - description: "When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. \n It is meant to be used by admins to to keep the overall number of targets under a desired limit." + description: "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit." format: "int64" type: "integer" evaluationInterval: default: "30s" - description: "Interval between rule evaluations. Default: \"30s\"" + description: "Interval between rule evaluations.\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" excludedFromEnforcement: - description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` set to true." + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true." items: description: "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object." properties: @@ -2016,7 +2016,7 @@ spec: description: "Name of the referent. When not set, all resources in the namespace are matched." type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" minLength: 1 type: "string" resource: @@ -2034,25 +2034,25 @@ spec: type: "object" type: "array" exemplars: - description: "Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective." + description: "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective." properties: maxSize: - description: "Maximum number of exemplars stored in memory for all series. \n exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. \n If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage." + description: "Maximum number of exemplars stored in memory for all series.\n\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage." format: "int64" type: "integer" type: "object" externalLabels: additionalProperties: type: "string" - description: "The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list." + description: "The labels to add to any time series or alerts when communicating with\nexternal systems (federation, remote storage, Alertmanager).\nLabels defined by `spec.replicaExternalLabelName` and\n`spec.prometheusExternalLabelName` take precedence over this list." type: "object" externalUrl: - description: "The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource)." + description: "The external URL under which the Prometheus service is externally\navailable. This is necessary to generate correct URLs (for instance if\nPrometheus is accessible behind an Ingress resource)." type: "string" hostAliases: - description: "Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified." + description: "Optional list of hosts and IPs that will be injected into the Pod's\nhosts file if specified." items: - description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file." + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." properties: hostnames: description: "Hostnames for the above IP address." @@ -2071,16 +2071,16 @@ spec: - "ip" x-kubernetes-list-type: "map" hostNetwork: - description: "Use the host's network namespace if true. \n Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). \n When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` automatically." + description: "Use the host's network namespace if true.\n\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically." type: "boolean" ignoreNamespaceSelectors: - description: "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object." + description: "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject." type: "boolean" image: - description: "Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. \n Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. \n If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released." + description: "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released." type: "string" imagePullPolicy: - description: "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." + description: "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details." enum: - "" - "Always" @@ -2088,33 +2088,33 @@ spec: - "IfNotPresent" type: "string" imagePullSecrets: - description: "An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod" + description: "An optional list of references to Secrets in the same namespace\nto use for pulling images from registries.\nSee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod" items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" x-kubernetes-map-type: "atomic" type: "array" initContainers: - description: "InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. \n The names of init container name managed by the operator are: * `init-config-reloader`. \n Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." + description: "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice." items: description: "A single application container that you want to run within a pod." properties: args: - description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" command: - description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" + description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" env: - description: "List of environment variables to set in the container. Cannot be updated." + description: "List of environment variables to set in the container.\nCannot be updated." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -2122,7 +2122,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -2134,7 +2134,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2144,7 +2144,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -2157,7 +2157,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -2183,7 +2183,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2198,7 +2198,7 @@ spec: type: "object" type: "array" envFrom: - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." + description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: description: "EnvFromSource represents the source of a set of ConfigMaps" properties: @@ -2206,7 +2206,7 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2220,7 +2220,7 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2230,22 +2230,22 @@ spec: type: "object" type: "array" image: - description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." + description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" + description: "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images" type: "string" lifecycle: - description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + description: "Actions that the management system should take in response to container lifecycle events.\nCannot be updated." properties: postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2254,7 +2254,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2262,7 +2262,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2279,10 +2279,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2298,7 +2298,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2307,20 +2307,20 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" type: "object" preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + description: "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" @@ -2329,7 +2329,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2337,7 +2337,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2354,10 +2354,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" @@ -2373,7 +2373,7 @@ spec: - "seconds" type: "object" tcpSocket: - description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified." + description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified." properties: host: description: "Optional: Host name to connect to, defaults to the pod IP." @@ -2382,7 +2382,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" @@ -2390,19 +2390,19 @@ spec: type: "object" type: "object" livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2413,7 +2413,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2422,7 +2422,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2430,7 +2430,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2447,24 +2447,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2477,45 +2477,45 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" name: - description: "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated." + description: "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated." type: "string" ports: - description: "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated." + description: "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated." items: description: "ContainerPort represents a network port in a single container." properties: containerPort: - description: "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536." + description: "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536." format: "int32" type: "integer" hostIP: description: "What host IP to bind the external port to." type: "string" hostPort: - description: "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this." + description: "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this." format: "int32" type: "integer" name: - description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services." + description: "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services." type: "string" protocol: default: "TCP" - description: "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\"." + description: "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"." type: "string" required: - "containerPort" @@ -2526,19 +2526,19 @@ spec: - "protocol" x-kubernetes-list-type: "map" readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2549,7 +2549,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2558,7 +2558,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2566,7 +2566,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2583,24 +2583,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2613,17 +2613,17 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" @@ -2633,10 +2633,10 @@ spec: description: "ContainerResizePolicy represents resource resize policy for the container." properties: resourceName: - description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." + description: "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory." type: "string" restartPolicy: - description: "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired." + description: "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired." type: "string" required: - "resourceName" @@ -2645,15 +2645,15 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -2669,7 +2669,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -2678,20 +2678,20 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" restartPolicy: - description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." + description: "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted." type: "string" securityContext: - description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + description: "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" properties: allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." + description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" capabilities: - description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: add: description: "Added capabilities" @@ -2707,27 +2707,27 @@ spec: type: "array" type: "object" privileged: - description: "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows." + description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: - description: "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows." + description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" runAsGroup: - description: "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" runAsNonRoot: - description: "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "boolean" runAsUser: - description: "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" seLinuxOptions: - description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + description: "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows." properties: level: description: "Level is SELinux level label that applies to the container." @@ -2743,48 +2743,48 @@ spec: type: "string" type: "object" seccompProfile: - description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + description: "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows." properties: localhostProfile: - description: "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type." + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" windowsOptions: - description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: gmsaCredentialSpec: - description: "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field." + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." type: "string" gmsaCredentialSpecName: description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." type: "string" hostProcess: - description: "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true." + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." type: "boolean" runAsUserName: - description: "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence." + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." type: "string" type: "object" type: "object" startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" properties: exec: description: "Exec specifies the action to take." properties: command: - description: "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + description: "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy." items: type: "string" type: "array" type: "object" failureThreshold: - description: "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." format: "int32" type: "integer" grpc: @@ -2795,7 +2795,7 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2804,7 +2804,7 @@ spec: description: "HTTPGet specifies the http request to perform." properties: host: - description: "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead." + description: "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead." type: "string" httpHeaders: description: "Custom headers to set in the request. HTTP allows repeated headers." @@ -2812,7 +2812,7 @@ spec: description: "HTTPHeader describes a custom header to be used in HTTP probes" properties: name: - description: "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header." + description: "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header." type: "string" value: description: "The header field value" @@ -2829,24 +2829,24 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true scheme: - description: "Scheme to use for connecting to the host. Defaults to HTTP." + description: "Scheme to use for connecting to the host.\nDefaults to HTTP." type: "string" required: - "port" type: "object" initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" periodSeconds: - description: "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1." + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." format: "int32" type: "integer" successThreshold: - description: "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." format: "int32" type: "integer" tcpSocket: @@ -2859,34 +2859,34 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + description: "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME." x-kubernetes-int-or-string: true required: - "port" type: "object" terminationGracePeriodSeconds: - description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." format: "int64" type: "integer" timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" format: "int32" type: "integer" type: "object" stdin: - description: "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false." + description: "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false." type: "boolean" stdinOnce: - description: "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false" + description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." + description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." type: "string" terminationMessagePolicy: - description: "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated." + description: "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated." type: "string" tty: - description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false." + description: "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false." type: "boolean" volumeDevices: description: "volumeDevices is the list of block devices to be used by the container." @@ -2905,27 +2905,27 @@ spec: type: "object" type: "array" volumeMounts: - description: "Pod volumes to mount into the container's filesystem. Cannot be updated." + description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: description: "VolumeMount describes a mounting of a Volume within a container." properties: mountPath: - description: "Path within the container at which the volume should be mounted. Must not contain ':'." + description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." type: "string" name: description: "This must match the Name of a Volume." type: "string" readOnly: - description: "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false." + description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" subPath: - description: "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" subPathExpr: - description: "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive." + description: "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." type: "string" required: - "mountPath" @@ -2933,30 +2933,30 @@ spec: type: "object" type: "array" workingDir: - description: "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated." + description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" required: - "name" type: "object" type: "array" keepDroppedTargets: - description: "Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. \n It requires Prometheus >= v2.47.0." + description: "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\n\nIt requires Prometheus >= v2.47.0." format: "int64" type: "integer" labelLimit: - description: "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." format: "int64" type: "integer" labelNameLengthLimit: - description: "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." format: "int64" type: "integer" labelValueLengthLimit: - description: "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer." + description: "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer." format: "int64" type: "integer" listenLocal: - description: "When true, the Prometheus server listens on the loopback address instead of the Pod IP's address." + description: "When true, the Prometheus server listens on the loopback address\ninstead of the Pod IP's address." type: "boolean" logFormat: description: "Log format for Log level for Prometheus and the config-reloader sidecar." @@ -2975,12 +2975,12 @@ spec: - "error" type: "string" maximumStartupDurationSeconds: - description: "Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete. If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes)." + description: "Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete.\nIf set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes)." format: "int32" minimum: 60.0 type: "integer" minReadySeconds: - description: "Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) \n This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate." + description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" nodeSelector: @@ -2989,57 +2989,57 @@ spec: description: "Defines on which Nodes the Pods are scheduled." type: "object" overrideHonorLabels: - description: "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to \"exported_